write from util-linux uses the current LC_CTYPE locale setting to
determine which characters are printable. As far as I can tell, write
escapes non-printing characters to stop malicious users sending control
characters to others' terminals. It should not use LC_CTYPE to determine
which characters are printable. wall from util-linux has the same flaw but
is not used in Red Hat Linux to my knowledge.
Why is this behaviour a flaw?
Apologies for the unresponsiveness of the previous util-linux packager...
It uses the locale of the user sending the message to determine whether
characters are printable, instead of the receiving user's locale (which isn't
possible to obtain). There is a possibility that a character marked as being
printable from my locale is not printable in theirs, so they would get garbage
printed or other strange behaviour.
Hmm, you're right about the bug. The problem is:
1. There's no way to know what the receiving user's locale is on the sending
2. Because of the 'write' design, there is no way to do filtering on the
I agree that it is a bug, but it is basically impossible to fix AFAIK, and it
does not seem of high enough priority to investigate further, so I'm closing it
for now. Patches or workable ideas are always welcome, though.
Thanks for the info.