Re: [PATCH] safelocale
From: Chet Ramey
Subject: Re: [PATCH] safelocale
Date: Sun, 01 Mar 2009 19:49:36 -0500
User-agent: Thunderbird 2.0.0.19 (Macintosh/20081209)
Greg Wooledge wrote:
> I wrote this after learning of a security hole in $"..." expansion.
> (See http://www.gnu.org/software/gettext/manual/html_node/bash.html
> for details of that.)
It seems to me that the security hole is the possibility of command
substitution, rather than arbitrary word expansions, which are
inconvenient at worst.
Inhibiting all expansions to protect against possibly malicious
translated strings is a rather large stick to use.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/