libintl: no way to use private message catalogs (resend)
Ulrich Drepper
drepper@redhat.com
Fri Jun 28 13:24:00 GMT 2002
On Fri, 2002-06-28 at 11:05, Bruno Haible wrote:
> The security issue is already handled; namely in setuid/setgid
> processes the absolute pathnames inside LANGUAGE will be ignored. Do
> you see any other security issue?
It's not only setuid/setgid. Just use a shell script (transparently or
not) which has the LANGUAGE set to some inappropriate value. Maybe even
accidental.
There will be no such change. It's too dangerous. It all was
considered waaaay back when. We are going to great length to check
translations in msgfmt and all this would be thrown away by allowing
arbitrary catalogs to be used.
--
---------------. ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Red Hat `--' drepper at redhat.com `------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
URL: <http://sourceware.org/pipermail/libc-alpha/attachments/20020628/8b628c7f/attachment.sig>
More information about the Libc-alpha
mailing list