Re: Translating format strings

To: "Marcelo E. Magallon" <mmagallo@debian.org>, Debian Developers <debian-devel@lists.debian.org>
Subject: Re: Translating format strings
From: Daniel Jacobowitz <dan@debian.org>
Date: Sun, 10 Mar 2002 12:43:46 -0500
Message-id: <[🔎] 20020310124346.A769@nevyn.them.org>
Mail-followup-to: "Marcelo E. Magallon" <mmagallo@debian.org>, Debian Developers <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 20020310172205.GA1988@ysabell.wh.vaih>
References: <[🔎] 20020310172205.GA1988@ysabell.wh.vaih>

On Sun, Mar 10, 2002 at 06:22:05PM +0100, Marcelo E. Magallon wrote:
> Hi,
> 
>  I'm sorry if this is a bit off-topic, it concerns a wishlist bug in one
>  of my packages.
> 
>  printf(_("Writing frame: %d  %d => %d bytes\n"), ...);
> 
>  Would that be exploitable?  The program in question is a regular
>  gtk app, not setuid or anything like that.

No, gettext is supposed to handle this correctly.  If you're setuid
and you use the gettext in glibc, translation will be disabled.  If you
allow some other way for users of the program to cause your environment
variables to be changed, and run as a server, then you're just stupid
:).  Similarly if there is an installed message catalog with the wrong
number of %d specifiers or such, then that's a bug.

In general, it's fine.

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer

Reply to:

Follow-Ups:
- Re: Translating format strings
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>

References:
- Translating format strings
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>

Prev by Date: Re: [2002-03-10] Release Status Update
Next by Date: Bug#137729: ITP: wmpuzzle -- WindowMaker dock app 4x4 puzzle
Previous by thread: Translating format strings
Next by thread: Re: Translating format strings
Index(es):
- Date
- Thread