Subject: Re: Format strings & i18n
From: Solar Designer (solarfalse.com)
Date: Sat Oct 14 2000 - 15:33:52 CDT


> > > PS. While writing this I noticed that sudo doesn't seem to clear LANGUAGE
> > > etc. environment ...
> >
> > IMO, this needs to be changed.
>
> So every time a Japanese user types su and doesn't speak English they are lost?

No. sudo and su are quite different. With sudo, the user isn't
trusted to obtain unrestricted shell access.

If sudo is used to provide a shell or run a locale-sensitive command,
a script should be written that sets up the environment after sudo.

(It may be possible in sudo to sanitize locale-related env vars with
known meaning without unsetting them completely, for convenience.)

> Suid programs should probably only use message catalogs that are either
> a) root owned or b) subject to some kind of path restriction.

Yes, but this is a different issue. With sudo, programs don't know
they're being run with elevated privilege.

> Tools like su and sudo explicitly preserve environment, su - should change
> language if the root user is set up on that box to another language.

I am not suggesting that we change su, even though properties like
this result in that it is more secure to log in as root rather than
su to root, despite the popular belief and what OpenBSD tells us. ;-)

Signed,
Solar Designer
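
An added example, not part of the original message and not sudo's own code: a function for the kind of wrapper script the reply describes, which keeps locale variables with a known meaning only when their values look like plain locale names and removes the rest. The variable lists, the accepted character set and the 64-character limit are assumptions of this example.

```shell
#!/bin/sh
# Sanitize locale-related environment variables in a script run after sudo,
# before it starts a shell or a locale-sensitive command.

# Variables whose value is a locale name (LANGUAGE: a colon-separated list).
LOCALE_NAME_VARS="LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
# Variables holding search paths or templates for catalogs and locale data.
# No value supplied by the invoking user is acceptable here: always removed.
LOCALE_PATH_VARS="NLSPATH LOCPATH"

# Succeeds only for values such as ja_JP.UTF-8, de_DE@euro or en_GB:en.
# Rejects empty or over-long values, '/', '%', '..' and a leading '.' or '-'.
# Runs in a subshell so that forcing the C locale for the pattern match
# does not change the caller's environment.
is_safe_locale_value() (
    LC_ALL=C
    [ -n "$1" ] || return 1
    [ "${#1}" -le 64 ] || return 1
    case $1 in
        *[!A-Za-z0-9_.@:-]*) return 1 ;;
        *..*) return 1 ;;
        .*|-*) return 1 ;;
    esac
    return 0
)

# Unset the path-type variables, then unset any name-type variable whose
# value fails the check. Safe values are left untouched.
sanitize_locale_env() {
    for name in $LOCALE_PATH_VARS; do
        unset "$name"
    done
    for name in $LOCALE_NAME_VARS; do
        # Names come from the fixed list above, never from user input.
        eval "is_set=\${$name+set}; value=\${$name-}"
        [ "$is_set" = set ] || continue
        if ! is_safe_locale_value "$value"; then
            unset "$name"
        fi
    done
}
```

A wrapper would call `sanitize_locale_env` first and then start the real command.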