This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Fri, 2002-06-28 at 11:05, Bruno Haible wrote: > The security issue is already handled; namely in setuid/setgid > processes the absolute pathnames inside LANGUAGE will be ignored. Do > you see any other security issue? It's not only setuid/setgid. Just use a shell script (transparently or not) which has the LANGUAGE set to some inappropriate value. Maybe even accidental. There will be no such change. It's too dangerous. It all was considered waaaay back when. We are going to great length to check translations in msgfmt and all this would be thrown away by allowing arbitrary catalogs to be used. -- ---------------. ,-. 1325 Chesapeake Terrace Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA Red Hat `--' drepper at redhat.com `------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |