This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: libintl: no way to use private message catalogs (resend)

From: Ulrich Drepper <drepper at redhat dot com>
To: Bruno Haible <haible at ilog dot fr>
Cc: libc-alpha at sources dot redhat dot com
Date: 28 Jun 2002 11:41:08 -0700
Subject: Re: libintl: no way to use private message catalogs (resend)
References: <15625.54710.703805.80759@honolulu.ilog.fr><1025285596.25515.22.camel@myware.mynet> <15644.42350.506818.718211@honolulu.ilog.fr>

On Fri, 2002-06-28 at 11:05, Bruno Haible wrote:

> The security issue is already handled; namely in setuid/setgid
> processes the absolute pathnames inside LANGUAGE will be ignored. Do
> you see any other security issue?

It's not only setuid/setgid.  Just use a shell script (transparently or
not) which has the LANGUAGE set to some inappropriate value.  Maybe even
accidental.

There will be no such change.  It's too dangerous.  It all was
considered waaaay back when.  We are going to great length to check
translations in msgfmt and all this would be thrown away by allowing
arbitrary catalogs to be used.

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- libintl: no way to use private message catalogs
  - From: Bruno Haible
- Re: libintl: no way to use private message catalogs (resend)
  - From: Ulrich Drepper
- Re: libintl: no way to use private message catalogs (resend)
  - From: Bruno Haible

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]