Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210209162915.xuycdrqtslfu25zi@jwilk.net>
Date: Tue, 9 Feb 2021 17:29:15 +0100
From: Jakub Wilk <jwilk@...lk.net>
To: <oss-security@...ts.openwall.com>
Subject: Re: charset.alias in pkexec/glib/gnulib

* Jakub Wilk <jwilk@...lk.net>, 2017-06-23, 20:23:
>* Tavis Ormandy <taviso@...xchg8b.com>, 2014-07-13, 18:59:
>>because pkexec links to glib, the built-in iconv/gconv conversion 
>>stuff is used by default. This allows you to setup aliases, which 
>>are of the form "charset <arbitrary alias>", for example:
>>
>>
>>$ echo "UTF-7 ThisIsAnAlias" > charset.alias
>>$ CHARSET=ThisIsAnAlias CHARSETALIASDIR=$(pwd) pkexec
>>pkexec --version +AHw
>>      --help +AHw
>>      --disable-internal-agent +AHw
>>      +AFs---user username+AF0 PROGRAM +AFs-ARGUMENTS...+AF0

I believe this was fixed in glib 2.63.6:
https://gitlab.gnome.org/GNOME/glib/commit/3529bb4450a51995

-- 
Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.