[Python-Dev] PEP 215 redux: toward a simplified consensus?

Jeff Epler jepler@unpythonic.dhs.org
Mon, 25 Feb 2002 16:45:33 -0600


On Mon, Feb 25, 2002 at 11:25:48PM +0100, Martin v. Loewis wrote:
> That's not a vulnerability. It assumes that the translator is an
> attacker, or that the attacker can change the catalogs. If he is or
> can, you could not trust them, anyway, as they could cause arbitrary
> other failures, as well.

It means that you must audit not only your source code, but also your
message catalogs, to determine whether information that is supposed to
remain internal to a program is not formatted into a string.  Of course,
it is fairly easy to do this audit by showing that the translated string
doesn't contain substitution on any identifiers that the original string
did not.

I don't think it's impossible that someone supplying catalogs could be
an "attacker", even if a plausible scenario doesn't come directly to
mind.

Jeff
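The audit Jeff describes (checking that a translated string does not substitute any identifier the original did not) is mechanical enough to script. The following is an added example, not code from the thread or from PEP 215 itself: it assumes a simplified $-string syntax (`$name`, `${name}`, and `$$` for a literal dollar sign) rather than the full expression forms PEP 215 proposed, and the catalog entries and namespace are constructed to show the failure mode being discussed, where a catalog entry pulls an internal variable into user-visible output.

```python
import re

# Constructed catalog (msgid -> msgstr). The second entry is the bad one:
# the translation substitutes a name the original string never referenced.
CATALOG = {
    "Hello, $user": "Bonjour, $user",
    "Welcome back, ${user}!": "Bienvenue, ${user} (${password})!",
    "Logged in as $user": "Connect\u00e9 en tant que $user",
    "Price: $$5 per $item": "Prix : $$5 par $item",
}

# Assumption: substitutions are $name, ${name}, or the escape $$.
# PEP 215 allowed richer expressions inside ${...}; this audit treats the
# text between the braces as an opaque token, which is enough to compare
# original and translation for identical references.
_SUBST = re.compile(r"\$(?:(\$)|\{([^}]*)\}|([A-Za-z_][A-Za-z0-9_]*))")


def substitutions(s):
    """Return the set of names a $-string would substitute."""
    names = set()
    for m in _SUBST.finditer(s):
        if m.group(1):
            continue  # "$$" is a literal dollar sign, not a substitution
        token = m.group(2) if m.group(2) is not None else m.group(3)
        names.add(token.strip())
    return names


def audit_entry(msgid, msgstr):
    """Names the translation substitutes that the original does not."""
    return substitutions(msgstr) - substitutions(msgid)


def audit_catalog(catalog):
    """Map each offending msgid to the extra names its translation pulls in."""
    findings = {}
    for msgid, msgstr in catalog.items():
        extra = audit_entry(msgid, msgstr)
        if extra:
            findings[msgid] = extra
    return findings


def interpolate(template, namespace):
    """Toy stand-in for $-string evaluation: resolves names from `namespace`.

    This is what makes the catalog a trust boundary: whatever the translated
    string names gets looked up in the caller's scope and rendered.
    """
    def repl(m):
        if m.group(1):
            return "$"
        token = m.group(2) if m.group(2) is not None else m.group(3)
        return str(namespace[token.strip()])
    return _SUBST.sub(repl, template)


if __name__ == "__main__":
    # Constructed caller scope containing something that must stay internal.
    scope = {"user": "alice", "password": "hunter2", "item": "widget"}
    for msgid, extra in audit_catalog(CATALOG).items():
        print(f"translation of {msgid!r} adds substitution(s): {sorted(extra)}")
        print("  rendered:", interpolate(CATALOG[msgid], scope))
```

Running the audit over the constructed catalog flags only the second entry, and rendering that entry against the constructed scope shows the password being formatted into the greeting. The check is deliberately conservative: a translation that substitutes the same names in a different order or drops one is accepted, since neither can expose anything the original did not.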