Re: How to use $"msgid"?

help-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to use $"msgid"?

From:	Jesse Hathaway
Subject:	Re: How to use $"msgid"?
Date:	Tue, 23 Mar 2021 22:17:08 -0500

On Tue, Mar 23, 2021 at 6:00 PM Peng Yu <pengyu.ut@gmail.com> wrote:
>
> > There's also <https://mywiki.wooledge.org/BashFAQ/098>.  Take note of
> > the security warnings.
>
> I don't get it to work. Could you let me know what is wrong? For the
> security problem, could you show a working example demonstrating why
> it is not secure? Thanks.

based on my working example here is the security issue:

$ cat <<EOF > hello.pot
 > #: hello.sh:5
 > msgid "Hello, world"
 > msgstr "Hola Mundo $(uname)"
 > EOF
$ msgfmt -o ~+/locale/es_ES/LC_MESSAGES/hello.mo hello.pot
$ bash hello.sh
Hola Mundo Linux

i.e. bash substitutes the translation then performs double quoted
string expansions, so if the translator has injected bash code, such
as a command substitution into the translated message, it will be
executed.

[Prev in Thread]

Current Thread

[Next in Thread]

How to use $"msgid"?, Peng Yu, 2021/03/23
- Re: How to use $"msgid"?, Jesse Hathaway, 2021/03/23
  - Re: How to use $"msgid"?, Greg Wooledge, 2021/03/23
    - Re: How to use $"msgid"?, Peng Yu, 2021/03/23
    - Re: How to use $"msgid"?, Jesse Hathaway <=
    - Re: How to use $"msgid"?, Chet Ramey, 2021/03/29
  - Re: How to use $"msgid"?, Peng Yu, 2021/03/23
    - Re: How to use $"msgid"?, Jesse Hathaway, 2021/03/23
    - Re: How to use $"msgid"?, Peng Yu, 2021/03/24
    - Re: How to use $"msgid"?, Jesse Hathaway, 2021/03/24

Prev by Date: Re: How to use $"msgid"?
Next by Date: Re: Multiple concurrent coprocesses
Previous by thread: Re: How to use $"msgid"?
Next by thread: Re: How to use $"msgid"?
Index(es):
- Date
- Thread