Red Hat Bugzilla – Bug 18669
write from util-linux uses locale to determine printable characters
Last modified: 2007-04-18 12:29:06 EDT
write from util-linux uses the current LC_CTYPE locale setting to determine which characters are printable. As far as I can tell, write escapes non-printing characters to stop malicious users sending control characters to others' terminals. It should not use LC_CTYPE to determine which characters are printable. wall from util-linux has the same flaw but is not used in Red Hat Linux to my knowledge.
Why is this behaviour a flaw? Apologies for the unresponsiveness of the previous util-linux packager...
It uses the locale of the user sending the message to determine whether characters are printable, instead of the receiving user's locale (which isn't possible to obtain). There is a possibility that a character marked as being printable from my locale is not printable in theirs, so they would get garbage printed or other strange behaviour.
Hmm, you're right about the bug. The problem is: 1. There's no way to know what the receiving user's locale is on the sending end. 2. Because of the 'write' design, there is no way to do filtering on the receiving end. I agree that it is a bug, but it is basically impossible to fix AFAIK, and it does not seem of high enough priority to investigate further, so I'm closing it for now. Patches or workable ideas are always welcome, though. Thanks for the info.