Mike Frysinger <[email protected]> writes: >> What strong technical reasons do you have for propsing these additional >> checks? > > i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it > looks > like just `bash` and `gettext` respect those ? so if you have a shell script > that either directly supports translated messages (e.g. bash's $"..."), or > indirectly (e.g. manually calling `gettext`), and it doesn't lock down the > TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and > crash due to the omitted range checks in glibc ?
bindtextdomain is the only place to configure the location, and it seems to be the design: http://thread.gmane.org/gmane.comp.lib.glibc.alpha/575 However, I too observed a few programs which use the location obtained from environment variable. Perhaps it would be nice to suggest using the fixed location in the documentation. Regards, -- Daiki Ueno
