On 2010-08-13 11:18:00 +0200, Stefan Sperling wrote:
> On Fri, Aug 13, 2010 at 09:37:57AM +0200, Vincent Lefevre wrote:
> > On 2010-08-13 08:16:48 +0200, Alexander Skwar wrote:
> > > 2010/8/13 Vincent Lefevre <vincent-...@vinc17.net>
> > > >
> > > > On 2010-08-12 17:16:37 +0200, Stefan Sperling wrote:
> > > 
> > > > > ~/bin/mysvn:
> > > > >  #!/bin/sh
> > > > >  env LC_CTYPE="en_US.<preferred charset>" svn update
> > > >
> > > > Wrong, wrong, wrong! Security hole!
> 
> ... in your terminal.

Stop saying nonsense. What you proposed is wrong. The locale must
match the settings of the terminal. Period.

> > No it is wrong because the above script may send non-printable
> > characters to the terminal, such as control sequences. Such
> > control sequences can wreck the terminal and depending on its
> > configuration, send the contents to a printer.
> 
> Use a terminal that does not have security holes.

In general, one doesn't know that there is a security hole until it
is discovered. In the case of xterm, this has eventually been fixed
(after I reported the bug). But filtering non-printable characters
before sending them to the terminal should be done by the application.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
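
The two points argued in this message (the charset used by the application must be the terminal's, and non-printable characters should be filtered before output), shown as an added example that is not part of the original thread and is not Subversion's code. The names `sanitize_for_terminal` and `SAFE_CONTROLS` are hypothetical, and the sample byte strings are constructed.

```python
import unicodedata

# Controls passed through unchanged (an assumption of this example).
SAFE_CONTROLS = {"\n", "\t"}
# Unicode categories that are not printable text: controls, format
# characters, private use, unassigned, line/paragraph separators.
UNSAFE_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Zl", "Zp"}


def sanitize_for_terminal(raw: bytes, terminal_charset: str) -> str:
    """Decode raw bytes the way the terminal will, escaping non-printables.

    terminal_charset must be the charset the terminal really uses; decoding
    with any other charset classifies different bytes as printable.
    """
    out = []
    # surrogateescape maps undecodable bytes to U+DC80..U+DCFF so that
    # they can be shown as hex instead of being written out raw.
    for ch in raw.decode(terminal_charset, errors="surrogateescape"):
        cp = ord(ch)
        if 0xDC80 <= cp <= 0xDCFF:
            out.append("\\x%02x" % (cp - 0xDC00))
        elif ch in SAFE_CONTROLS:
            out.append(ch)
        elif unicodedata.category(ch) in UNSAFE_CATEGORIES:
            out.append("\\x%02x" % cp if cp < 0x100 else "\\u{%x}" % cp)
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: a file name carrying an ESC-based control sequence.
    print(sanitize_for_terminal(b"file\x1b[2Jname", "utf-8"))
    # Constructed sample: the UTF-8 encoding of U+00DB is C3 9B. Checked as
    # UTF-8 it is one printable letter; an ISO-8859-1 terminal sees byte
    # 0x9B, the C1 control CSI, so the filter must use the terminal's charset.
    name = b"\xc3\x9b"
    print(sanitize_for_terminal(name, "utf-8"))
    print(sanitize_for_terminal(name, "iso-8859-1"))
```
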
