From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 29363 invoked by alias); 11 Aug 2010 20:07:25 -0000
Received: (qmail 28893 invoked by uid 48); 11 Aug 2010 20:07:08 -0000
Date: Wed, 11 Aug 2010 20:07:00 -0000
From: "truedfx at gentoo dot org"
To: glibc-bugs@sources.redhat.com
Message-ID: <20100811200707.11904.truedfx@gentoo.org>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug localedata/11904] New: locale command does not quote (invalid) locale strings
X-Bugzilla-Reason: CC
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2010-08/txt/msg00057.txt.bz2

eval "`locale`" is supposed to be safe. From :

"The and shown above shall be properly quoted for possible later reentry to
the shell."

glibc's locale command does not do this, and as a result, if a script does
eval "`locale`", it misbehaves badly when someone figures out to set LANG to
' rm -rf /'.

$ LANG=' rm -rf /' locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG= rm -rf /
LC_CTYPE=" rm -rf /"
LC_NUMERIC=" rm -rf /"
LC_TIME=" rm -rf /"
LC_COLLATE=" rm -rf /"
LC_MONETARY=" rm -rf /"
LC_MESSAGES=" rm -rf /"
LC_PAPER=" rm -rf /"
LC_NAME=" rm -rf /"
LC_ADDRESS=" rm -rf /"
LC_TELEPHONE=" rm -rf /"
LC_MEASUREMENT=" rm -rf /"
LC_IDENTIFICATION=" rm -rf /"
LC_ALL=
$ echo $?
0

-- 
           Summary: locale command does not quote (invalid) locale strings
           Product: glibc
           Version: 2.11
            Status: NEW
          Severity: normal
          Priority: P2
         Component: localedata
        AssignedTo: libc-locales at sources dot redhat dot com
        ReportedBy: truedfx at gentoo dot org
                CC: glibc-bugs at sources dot redhat dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=11904
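
The quoting the report asks for, as an added example that is not part of the original report and is not glibc code: a POSIX sh helper that emits NAME=value lines which stay inert when passed back through eval. The function names (shell_quote, emit_assignment, roundtrip) and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not glibc code. All names below are hypothetical.

# shell_quote VALUE: print VALUE as one single-quoted shell word.
# Inside single quotes nothing is special except the quote itself,
# which is written as '\'' (close quote, escaped quote, reopen quote).
shell_quote() (
    rest=$1 out=
    while :; do
        case $rest in
            *\'*) head=${rest%%\'*}      # text before the first quote
                  rest=${rest#*\'}       # text after it
                  out="$out$head'\\''" ;;
            *)    out="$out$rest"; break ;;
        esac
    done
    printf "'%s'" "$out"
)

# emit_assignment NAME VALUE: print NAME='VALUE' for later eval.
# NAME must be a plain identifier; anything else is refused.
emit_assignment() {
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf '%s=%s\n' "$1" "$(shell_quote "$2")"
}

# roundtrip VALUE: eval the emitted line in a subshell and print what the
# variable then holds, so a caller can compare it with the input.
roundtrip() (
    eval "$(emit_assignment RT_VALUE "$1")" && printf '%s' "$RT_VALUE"
)

# Constructed sample: leading space, separator, quotes, substitutions.
sample=" x; echo INJECTED 'q' \"d\" \$(echo sub) \`echo tick\`"
emit_assignment LANG "$sample"
```

Single quotes are used rather than the double quotes seen in the output above because double quotes still allow $, backtick and backslash expansion in the value.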