Bug 18669 - write from util-linux uses locale to determine printable characters
write from util-linux uses locale to determine printable characters
Product: Red Hat Linux
Classification: Retired
Component: util-linux (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
Dale Lovelace
Depends On:
  Show dependency treegraph
Reported: 2000-10-08 23:14 EDT by Tim
Modified: 2007-04-18 12:29 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-07-18 02:14:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tim 2000-10-08 23:14:42 EDT
write from util-linux uses the current LC_CTYPE locale setting to 
determine which characters are printable. As far as I can tell, write 
escapes non-printing characters to stop malicious users sending control 
characters to others' terminals. It should not use LC_CTYPE to determine 
which characters are printable. wall from util-linux has the same flaw but 
is not used in Red Hat Linux to my knowledge.
Comment 1 Elliot Lee 2001-07-17 18:34:34 EDT
Why is this behaviour a flaw?

Apologies for the unresponsiveness of the previous util-linux packager...
Comment 2 Tim 2001-07-18 02:14:53 EDT
It uses the locale of the user sending the message to determine whether 
characters are printable, instead of the receiving user's locale (which isn't 
possible to obtain). There is a possibility that a character marked as being 
printable from my locale is not printable in theirs, so they would get garbage 
printed or other strange behaviour.
Comment 3 Elliot Lee 2001-07-20 00:46:37 EDT
Hmm, you're right about the bug. The problem is:

1. There's no way to know what the receiving user's locale is on the sending 
2. Because of the 'write' design, there is no way to do filtering on the 
receiving end.

I agree that it is a bug, but it is basically impossible to fix AFAIK, and it 
does not seem of high enough priority to investigate further, so I'm closing it 
for now. Patches or workable ideas are always welcome, though.

Thanks for the info.

Note You need to log in before you can comment on or make changes to this bug.