Bug 18669 - write from util-linux uses locale to determine printable characters
Summary: write from util-linux uses locale to determine printable characters
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Elliot Lee
QA Contact: Dale Lovelace
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-10-09 03:14 UTC by Tim
Modified: 2007-04-18 16:29 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-07-18 06:14:58 UTC
Embargoed:


Attachments (Terms of Use)

Description Tim 2000-10-09 03:14:42 UTC
write from util-linux uses the current LC_CTYPE locale setting to 
determine which characters are printable. As far as I can tell, write 
escapes non-printing characters to stop malicious users sending control 
characters to others' terminals. It should not use LC_CTYPE to determine 
which characters are printable. wall from util-linux has the same flaw but 
is not used in Red Hat Linux to my knowledge.

Comment 1 Elliot Lee 2001-07-17 22:34:34 UTC
Why is this behaviour a flaw?

Apologies for the unresponsiveness of the previous util-linux packager...

Comment 2 Tim 2001-07-18 06:14:53 UTC
It uses the locale of the user sending the message to determine whether 
characters are printable, instead of the receiving user's locale (which isn't 
possible to obtain). There is a possibility that a character marked as being 
printable from my locale is not printable in theirs, so they would get garbage 
printed or other strange behaviour.

Comment 3 Elliot Lee 2001-07-20 04:46:37 UTC
Hmm, you're right about the bug. The problem is:

1. There's no way to know what the receiving user's locale is on the sending 
end.
2. Because of the 'write' design, there is no way to do filtering on the 
receiving end.

I agree that it is a bug, but it is basically impossible to fix AFAIK, and it 
does not seem of high enough priority to investigate further, so I'm closing it 
for now. Patches or workable ideas are always welcome, though.

Thanks for the info.


Note You need to log in before you can comment on or make changes to this bug.