This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: intl: Proof against invalid offset/length
- From: Daiki Ueno <ueno at gnu dot org>
- To: Carlos O'Donell <carlos at redhat dot com>
- Cc: bug-gettext at gnu dot org, Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Wed, 11 Mar 2015 16:31:59 +0900
- Subject: Re: intl: Proof against invalid offset/length
- Authentication-results: sourceware.org; auth=none
- References: <m3oao06pj3 dot fsf-ueno at gnu dot org> <54FFE323 dot 4000704 at redhat dot com> <20150311071036 dot GA9455 at vapier>
Mike Frysinger <vapier@gentoo.org> writes:
>> What strong technical reasons do you have for propsing these additional
>> checks?
>
> i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it looks
> like just `bash` and `gettext` respect those ? so if you have a shell script
> that either directly supports translated messages (e.g. bash's $"..."), or
> indirectly (e.g. manually calling `gettext`), and it doesn't lock down the
> TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and
> crash due to the omitted range checks in glibc ?
bindtextdomain is the only place to configure the location, and it
seems to be the design:
http://thread.gmane.org/gmane.comp.lib.glibc.alpha/575
However, I too observed a few programs which use the location obtained
from environment variable. Perhaps it would be nice to suggest using
the fixed location in the documentation.
Regards,
--
Daiki Ueno