Re: [bug-gettext] intl: Proof against invalid offset/length
From: Mike Frysinger
Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
Date: Wed, 11 Mar 2015 03:10:36 -0400

On 11 Mar 2015 02:39, Carlos O'Donell wrote:
> On 03/11/2015 02:01 AM, Daiki Ueno wrote:
> > It is surprising that there are no checks of lengths/offsets read from
> > MO files. Currently, I'm thinking of the attached patch (to gettext),
> > which is a bit complicated. If anyone could suggest a cleaner approach,
> > I'd appreciate it.
>
> Why does it surprise you?
>
> The MO files are writable only by root, so it's not a security issue
> because if you could write to them you'd be root, and you'd have
> full access to the system anyway.
>
> The other alternative is that the filesystem is corrupted and loading
> the MO file crashes your application. This is expected since the
> filesystem is corrupted. You are suggesting we add some rather complex
> checking for the possibly low probability case of a corrupted
> filesystem. If the filesystem is corrupted other things will be failing
> and you need to fix the corruption.
>
> What strong technical reasons do you have for proposing these additional
> checks?

i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it looks
like just `bash` and `gettext` respect those? so if you have a shell script
that either directly supports translated messages (e.g. bash's $"..."), or
indirectly (e.g. manually calling `gettext`), and it doesn't lock down the
TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and
crash due to the omitted range checks in glibc?

i'm not really familiar with how much gettext relies on glibc though or if it
just entirely uses its own copy of code.

using Debian's code search [1], it looks like git provides GIT_TEXTDOMAINDIR to
override the default TEXTDOMAINDIR. i stopped at page ~6 ;).

-mike

[1] http://codesearch.debian.net/perpackage-results/TEXTDOMAINDIR/
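
The kind of range check this thread is about, as an added example that is not part of the message above and is not the patch proposed for gettext or glibc: every offset and length read from an MO image is checked against the file size before it is dereferenced. The names `mo_validate`, `check_table` and `mo_sample` are hypothetical, the sample image is constructed, and the sketch assumes a host-byte-order file (no byte swapping, no hash table or sysdep segment checks).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MO_MAGIC 0x950412deu   /* MO magic, host byte order only in this sketch */
static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Check one table of n {length, offset} descriptor pairs starting at tab. */
static int check_table(const unsigned char *d, size_t size, uint32_t tab, uint32_t n)
{
    if (tab > size || (size - tab) / 8 < n)       /* the table itself must fit */
        return 0;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t len = rd32(d + tab + 8 * (size_t)i);
        uint32_t off = rd32(d + tab + 8 * (size_t)i + 4);
        /* string and its NUL must lie inside the file; no off+len overflow */
        if (off >= size || len >= size - off)
            return 0;
        if (d[(size_t)off + len] != '\0')
            return 0;
    }
    return 1;
}

/* Return 1 if every table and string reference is in range, else 0. */
int mo_validate(const unsigned char *d, size_t size)
{
    if (size < 28 || rd32(d) != MO_MAGIC)          /* 7-word header */
        return 0;
    uint32_t n = rd32(d + 8);                      /* number of strings */
    return check_table(d, size, rd32(d + 12), n)   /* original strings */
        && check_table(d, size, rd32(d + 16), n);  /* translations */
}

/* Constructed sample image: one message, "hi" -> "yo". Returns its size. */
size_t mo_sample(unsigned char *buf)
{
    uint32_t w[11] = { MO_MAGIC, 0, 1, 28, 36, 0, 44,  2, 44,  2, 47 };
    memcpy(buf, w, sizeof w);
    memcpy(buf + 44, "hi\0yo", 6);
    return 50;
}

int main(void)
{
    unsigned char buf[64];
    printf("valid=%d\n", mo_validate(buf, mo_sample(buf)));
}
```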