Vulnerability Development mailing list archives

RE: LC_COLLATE=en_US

From: "Holmes, Ben" <Ben.Holmes () getronics com>
Date: Fri, 6 Sep 2002 18:01:57 +1000

Strangely enough, Cygwin is right by default...

I believe RedHat also develops that...

Unfortunately, "touch a" and "touch A" are equivalent it would seem in
the version I am running and that in itself may cause all sorts of
security problems (if I create a file called "A" then I echo some text
into a file called "a" it will add it to the file called "A")

Personally, I would only consider Cygwin a development or "handy little
tech thing" product, not for use in a production environment especially
where it is a server or in a "security critical" environment... of
course others may differ.  Either way, it is handy but I certainly
expected it to be the same as RedHat Linux here... I wonder if other
distros are the same here...

I always thought that RedHat LINUX would stay closer to standard UNIX
than CygWin :)

I tried this on a box I run it on (Windows 2000, NTFS)...

$uname -a
CYGWIN_NT-5.0 SHEBURNS 1.3.3(0.46/3/2) 2001-09-12 23:54 i686 unknown

$ touch a B c d

$ echo [a-z]
a c d

$ 

But then, I have no idea how CygWin plays with locales.

-- Benjamin Holmes

-----Original Message-----
From: Seth Arnold [mailto:sarnold () wirex com]
Sent: Thursday, September 05, 2002 5:27 AM
To: vuln-dev () securityfocus com
Subject: LC_COLLATE=en_US

Greetings;

I recently found the default settings of LC_COLLATE on a recent RedHat
Linux distribution to be highly surprising. An example:

$ touch a A b
$ echo [a-z]
a A b

I am much more used to LC_COLLATE=C behavior:
$ touch a A b
$ echo [a-z]
a b

I would wager there is some software that expects 
LC_COLLATE=C as well.
I just don't have the time to search for them, so I turn to you, the
good reader, in the hopes that you will have time to search for
unexpected behavior on systems where LC_COLLATE does not reflect
traditional Unix behavior.

Happy Hunting!

-- 
It seems the power has been robbed from the founding fathers 
and is now
firmly in the hand of the funding fathers -- Rik van Riel

Attachment: smime.p7s
Description:

Current thread:

LC_COLLATE=en_US Seth Arnold (Sep 04)
- <Possible follow-ups>
- RE: LC_COLLATE=en_US Holmes, Ben (Sep 06)