bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] safelocale

From: Greg Wooledge
Subject: [PATCH] safelocale
Date: Sat, 28 Feb 2009 15:55:13 -0500
User-agent: Mutt/1.4.2.2i 
I wrote this after learning of a security hole in $"..." expansion.
(See http://www.gnu.org/software/gettext/manual/html_node/bash.html
for details of that.)

It seems the maintainer of gettext is trying to push the use of the
portable sh syntax, for example

  cd $var || error "`eval_gettext \"Can\'t cd to \\\$var.\"`"

(example taken from the advanced bash scripting guide).  This strikes
me as a step backward, personally.  $"..." is so much more elegant and
efficient, since it calls gettext() in-process instead of invoking
the external gettext for every translation.

So, I considered a few workarounds to this.  One would be to pre-load
the entire .mo file into an associative array at start-up, which is
possible, but requires the installation of gettext command-line tools
on the target system; requires knowledge of the exact location of the
correct .mo file at run-time, which is problematic; requires lots of
memory to hold the entire catalog; and involves parsing msgunfmt output.

Another would be to use the `eval_gettext \"\'\\\$\"`" stuff.  *shudder*

Another would be to modify bash so that it doesn't create the security
hole in the first place.  I thought of two ways to do that: make a new
option that causes parameter expansions (etc.) to be done BEFORE the
locale expansion; or make a new option that causes parameter expansions
(etc.) not to be done at all.

Since I'm not all that familiar with the parser code, I looked through
it and found that the latter looked significantly easier.  I wrote the
patch, tested it, and here it is.

(I'm currently writing this e-mail through a set of ssh jumps, and
UTF-8 isn't working, so I've stripped out non-ASCII characters here.)

  griffon:~/tmp$ shopt -s safelocale
  griffon:~/tmp$ echo $"How are you?"
  Como esta, $(id)?
  griffon:~/tmp$ shopt -u safelocale
  griffon:~/tmp$ echo $"How are you?"
  Como esta, uid=1000(greg) gid=1000(greg) 
grupos=24(cdrom),25(floppy),29(audio),40(src),1000(greg),1007(freenet)?

Note that if you use this feature, certain script practices will have
to change.  For example,

  echo $"The answer is $answer"

should be replaced with

  printf $"The answer is %s\n" "$answer"

I always found it counter-intuitive that $"foo $bar" worked in the first
place, since I would have expected the $bar expansion to occur before
the locale expansion.  But people I've talked with said there were using
$"foo $bar" in practice, so this definitely affects them.

If Chet's horrified by my approach or my code, and would prefer to write
his own implementation, or rename the shopt to something other than
"safelocale", that's fine with me too.

Attachment: bash-4.0-safelocale.diff
Description: Text document

reply via email to
[Prev in Thread] Current Thread [Next in Thread]