[Python-Dev] PEP 215 redux: toward a simplified consensus? (original) (raw)

Barry A. Warsaw barry@zope.com
Mon, 25 Feb 2002 18:04:46 -0500

• Previous message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Next message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"JE" == Jeff Epler <jepler@unpythonic.dhs.org> writes:

JE> On Mon, Feb 25, 2002 at 11:25:48PM +0100, Martin v. Loewis
JE> wrote:
>> That's not a vulnerability. It assumes that the translator is
>> an attacker, or that the attacker can change the catalogs. If
>> he is or can, you could not trust them, anyway, as they could
>> cause arbitrary other failures, as well.

JE> It means that you must audit not only your source code, but
JE> also your message catalogs, to determine whether information
JE> that is supposed to remain internal to a program is not
JE> formatted into a string.  Of course, it is fairly easy to do
JE> this audit by showing that the translated string doesn't
JE> contain substitution on any identifiers that the original
JE> string did not.

From what I've been told, newer versions (possibly not yet released) of the GNU gettext tools, will do exactly that, and understand Python syntax too (hmm, an argument for keeping the current crop of %-string rules?).

Alternatively, or in conjunction, you should be auditing your translation sites to make sure that maliciously translated strings can't access sensitive information.

-Barry

• Previous message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Next message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]