|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Format strings & i18n
From: Jarno Huuskonen (jhuuskon
messi.uku.fi)Date: Tue Oct 03 2000 - 07:08:19 CDT
- Next message: James Antill: "Re: Format strings & i18n"
- Previous message: Pekka Savola: "remote root vulnerability in cfengine"
- Next in thread: James Antill: "Re: Format strings & i18n"
- Reply: Solar Designer: "Re: Format strings & i18n"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Lot of programs blindly feed the result of catget to various printf
type functions. While usually this has no security problems
(no suid/sgid programs) it still allows users to define their own
path for the messages (LANGUAGE=../../../tmp etc.) and these messages can
have all the nice formatstrings.
The security risk comes if some (l)user is allowed to run some program
with root privs (for example with sudo) and all the environment is not
cleaned (LANGUAGE etc.) --> luser can use his/her own messages.
I think it would be a good idea to have somekind of support in (glibc?) to
catch crazy i18n format strings. Perhaps it could count the formatters in
the original message and if there're more in i18n version then use the
original.
So instead of fprintf(stderr, catget("You made a %s mistake"), progname);
Programmers would use:
fprintf(stderr, verify_catget("You made a %s mistake"), progname);
Does this rambling make any sense at all ?
-Jarno
PS. While writing this I noticed that sudo doesn't seem to clear LANGUAGE
etc. environment ...
-- Jarno Huuskonen - System Administrator | Jarno.Huuskonen
- Next message: James Antill: "Re: Format strings & i18n"
- Previous message: Pekka Savola: "remote root vulnerability in cfengine"
- Next in thread: James Antill: "Re: Format strings & i18n"
- Reply: Solar Designer: "Re: Format strings & i18n"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]