[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
What is GNU's policy regarding %format strings and gettext()?
From: |
Charles Levert |
Subject: |
What is GNU's policy regarding %format strings and gettext()? |
Date: |
Wed, 16 Nov 2005 16:55:31 -0500 |
User-agent: |
Mutt/1.4.1i |
Yesterday, I saw an announcement for another
GNU software package. It was said that
"... multi-part message strings were re-formed
to use a single printf formatting string".
But combining printf-format strings and gettext()
can lead to security vulnerabilities. In
"Write It Secure: Format Strings and Locale Filtering"
<http://www.dwheeler.com/essays/write_it_secure_1.html>
we find:
"The GNU C libraries (glibc) were
recently modified to protect against these
vulnerabilities."
but also
"... note that this filtering only worked
for setuid/setgid programs..."
GNU grep has many internationalized printf-format
strings. It also has such strings that do
not contain any %s but that are yet passed as
format-string argument to a printf-like function
(such as error()); this can easily be remedied
by use of a "%s" before the other string as
format-string argument. It also has strings
whose internationalization can be questioned,
such as the whole copyright notice line (instead
of just its " (C)"/" ©" part, which would have
the added benefit of not changing from release
to release).
So, is there a GNU policy regarding this?
- What is GNU's policy regarding %format strings and gettext()?,
Charles Levert <=