Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: LC_COLLATE=en_US
From: "Holmes, Ben" <Ben.Holmes () getronics com>
Date: Fri, 6 Sep 2002 18:01:57 +1000
Strangely enough, Cygwin is right by default...

I believe RedHat also develops that...

Unfortunately, "touch a" and "touch A" are equivalent it would seem in
the version I am running and that in itself may cause all sorts of
security problems (if I create a file called "A" then I echo some text
into a file called "a" it will add it to the file called "A")

Personally, I would only consider Cygwin a development or "handy little
tech thing" product, not for use in a production environment especially
where it is a server or in a "security critical" environment... of
course others may differ.  Either way, it is handy but I certainly
expected it to be the same as RedHat Linux here... I wonder if other
distros are the same here...

I always thought that RedHat LINUX would stay closer to standard UNIX
than CygWin :)

I tried this on a box I run it on (Windows 2000, NTFS)...

$uname -a
CYGWIN_NT-5.0 SHEBURNS 1.3.3(0.46/3/2) 2001-09-12 23:54 i686 unknown

$ touch a B c d

$ echo [a-z]
a c d

$ 

But then, I have no idea how CygWin plays with locales.

-- Benjamin Holmes


-----Original Message-----
From: Seth Arnold [mailto:sarnold () wirex com]
Sent: Thursday, September 05, 2002 5:27 AM
To: vuln-dev () securityfocus com
Subject: LC_COLLATE=en_US


Greetings;

I recently found the default settings of LC_COLLATE on a recent RedHat
Linux distribution to be highly surprising. An example:

$ touch a A b
$ echo [a-z]
a A b

I am much more used to LC_COLLATE=C behavior:
$ touch a A b
$ echo [a-z]
a b

I would wager there is some software that expects 
LC_COLLATE=C as well.
I just don't have the time to search for them, so I turn to you, the
good reader, in the hopes that you will have time to search for
unexpected behavior on systems where LC_COLLATE does not reflect
traditional Unix behavior.

Happy Hunting!


-- 
It seems the power has been robbed from the founding fathers 
and is now
firmly in the hand of the funding fathers -- Rik van Riel

Attachment: smime.p7s
Description:

  By Date           By Thread  

Current thread:
  • LC_COLLATE=en_US Seth Arnold (Sep 04)
    • <Possible follow-ups>
    • RE: LC_COLLATE=en_US Holmes, Ben (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]