[Python-Dev] PEP 215 redux: toward a simplified consensus?

Barry A. Warsaw barry@zope.com
Mon, 25 Feb 2002 18:04:46 -0500

>>>>> "JE" == Jeff Epler <jepler@unpythonic.dhs.org> writes:

    JE> On Mon, Feb 25, 2002 at 11:25:48PM +0100, Martin v. Loewis
    JE> wrote:
    >> That's not a vulnerability. It assumes that the translator is
    >> an attacker, or that the attacker can change the catalogs. If
    >> he is or can, you could not trust them, anyway, as they could
    >> cause arbitrary other failures, as well.

    JE> It means that you must audit not only your source code, but
    JE> also your message catalogs, to determine whether information
    JE> that is supposed to remain internal to a program is not
    JE> formatted into a string.  Of course, it is fairly easy to do
    JE> this audit by showing that the translated string doesn't
    JE> contain substitution on any identifiers that the original
    JE> string did not.

>From what I've been told, newer versions (possibly not yet released)
of the GNU gettext tools, will do exactly that, and understand Python
syntax too (hmm, an argument for keeping the current crop of %-string

Alternatively, or in conjunction, you should be auditing your
translation sites to make sure that maliciously translated strings
can't access sensitive information.