View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000497 | 1003.1(2008)/Issue 7 | System Interfaces | public | 2011-09-29 17:06 | 2019-06-10 08:55 |
| Reporter | Assigned To | ajosey | |||
| Priority | normal | Severity | Editorial | Type | Clarification Requested |
| Status | Closed | Resolution | Accepted As Marked | ||
| Name | Rob King | ||||
| Organization | |||||
| User Reference | |||||
| Section | catopen | ||||
| Page Number | 639 | ||||
| Line Number | 21682-21686 | ||||
| Interp Status | --- | ||||
| Final Accepted Text | See 0000497:0000983 | ||||
| Summary | 0000497: catopen has undefined semantics with regards to NLSPATH | ||||
| Description | The catopen interface has the following definition with regards to NLSPATH: If name contains a '/' , then name specifies a complete name for the message catalog. Otherwise, the environment variable NLSPATH is used with name substituted for the %N conversion specification (see XBD Environment Variables ). If NLSPATH exists in the environment when the process starts, then if the process has appropriate privileges, the behavior of catopen() is undefined. This would seem to imply that having the NLSPATH environment variable specified in the environment makes the usage of catopen undefined. | ||||
| Desired Action | A clarification as to how catopen interacts with NLSPATH. | ||||
| Tags | tc2-2008 | ||||
|
|
The third paragraph of the Application Usage section already notes that there are no guidelines in the standard for the location of message catalogs. To be sure that messages produced by an application running with "appropriate privileges" (such as root privileges) can't be used by a hacker setting a strange value for NLSPATH in the environment to confuse a system administrator, such applications are required to use absolute pathnames to get defined behavior when using catopen() to open a message catalog. |
|
|
Add a new paragraph to APPLICATION USAGE (after line 21734): To be sure that messages produced by an application running with "appropriate privileges" cannot be used by a attacker setting an unexpected value for NLSPATH in the environment to confuse a system administrator, such applications should use pathnames containing a '/' to get defined behavior when using catopen() to open a message catalog. Also at line 21685 change "...on page 173). If NLSPATH exists in the environment ..." to "on page 173); if NLSPATH exists in the environment..." |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-09-29 17:06 |
|
New Issue | |
| 2011-09-29 17:06 |
|
Status | New => Under Review |
| 2011-09-29 17:06 |
|
Assigned To | => ajosey |
| 2011-09-29 17:06 |
|
Name | => Rob King |
| 2011-09-29 17:06 |
|
Section | => catopen |
| 2011-09-29 17:06 |
|
Page Number | => unknown |
| 2011-09-29 17:06 |
|
Line Number | => unknown |
| 2011-09-30 17:16 | Don Cragun | Page Number | unknown => 639 |
| 2011-09-30 17:16 | Don Cragun | Line Number | unknown => 21682-21686 |
| 2011-09-30 17:16 | Don Cragun | Interp Status | => --- |
| 2011-09-30 17:16 | Don Cragun | Note Added: 0000977 | |
| 2011-10-06 16:13 | nick | Note Added: 0000983 | |
| 2011-10-06 16:16 | nick | Final Accepted Text | => See 0000497:0000983 |
| 2011-10-06 16:16 | nick | Status | Under Review => Resolution Proposed |
| 2011-10-06 16:16 | nick | Resolution | Open => Accepted As Marked |
| 2011-10-06 16:18 | nick | Note Edited: 0000983 | |
| 2011-10-06 16:19 | nick | Tag Attached: tc2-2008 | |
| 2011-10-06 16:21 | nick | Status | Resolution Proposed => Resolved |
| 2013-01-18 16:06 | jim_pugsley | Relationship added | related to 0000645 |
| 2019-06-10 08:55 | agadmin | Status | Resolved => Closed |
