Bugtraq mailing list archives

Re: StackGuard with ... Re: [Paper] Format bugs.

From: Robert Bihlmeyer <robbe () ORCUS PRIV AT>
Date: Tue, 25 Jul 2000 20:06:36 +0200

Morten Welinder <terra () DIKU DK> writes:

    s = g_strdup_printf (
          _("Workbook %s has unsaved changes, save them?"),
        g_basename (wb->filename));


(Which reminds me: I sure hope that the language files cannot be
controlled by a malicious user.  That would allow putting extra
%-escapes into just about any format string.  Ugh.)


The GNU libc here (2.1.3) ignores LC_MESSAGES and friends containing
slashes if uid!=euid || gid!=egid. You should not allow unfiltered
remote access to LANG, LC_MESSAGES, or LC_ALL (e.g. through a CGI).

--
Robbe

Attachment: signature.ng
Description:

Current thread:

Re: StackGuard with ... Re: [Paper] Format bugs. Morten Welinder (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Robert Bihlmeyer (Jul 25)
- <Possible follow-ups>
- Re: StackGuard with ... Re: [Paper] Format bugs. Ken Alverson (Jul 25)