[15960] in bugtraq
Re: StackGuard with ... Re: [Paper] Format bugs.
daemon@ATHENA.MIT.EDU (Robert Bihlmeyer)
Tue Jul 25 18:06:43 2000
MIME-Version: 1.0
content-Type: multipart/signed; boundary="----------=_964548403-776-0";
micalg="pgp-sha1"; protocol="application/pgp-signature"
Message-ID: <87n1j6krtf.fsf@hoss.orcus.priv.at>
Date: Tue, 25 Jul 2000 20:06:36 +0200
Reply-To: Robert Bihlmeyer <robbe@ORCUS.PRIV.AT>
From: Robert Bihlmeyer <robbe@ORCUS.PRIV.AT>
X-To: Morten Welinder <terra@DIKU.DK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Morten Welinder's message of "Mon, 24 Jul 2000 19:48:34 +0200"
This is a multi-part message in MIME format.
It has been signed conforming to RFC2015.
You'll need PGP or GPG to check the signature.
------------=_964548403-776-0
Content-Type: text/plain; charset=us-ascii
Morten Welinder <terra@DIKU.DK> writes:
> s = g_strdup_printf (
> _("Workbook %s has unsaved changes, save them?"),
> g_basename (wb->filename));
>
>
> (Which reminds me: I sure hope that the language files cannot be
> controlled by a malicious user. That would allow putting extra
> %-escapes into just about any format string. Ugh.)
The GNU libc here (2.1.3) ignores LC_MESSAGES and friends containing
slashes if uid!=euid || gid!=egid. You should not allow unfiltered
remote access to LANG, LC_MESSAGES, or LC_ALL (e.g. through a CGI).
--
Robbe
------------=_964548403-776-0
Content-Type: application/pgp-signature; name="signature.ng"
Content-Disposition: inline; filename="signature.ng"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5fdc533KcuuZYPvsRAs9SAJ9g7KuwGW0ltyh+Xz+V2a94onVRgQCgoQoV
ffH/eSezOmJZ8FwZOPT/SKk=
=iNx1
-----END PGP SIGNATURE-----
------------=_964548403-776-0--
