RE: UTF-8 and case-insensitivity

From: Linus Torvalds
Date: Tue Feb 17 2004 - 19:30:00 EST

Next message: Charles Johnston: "Re: Linux 2.6.3-rc4 Massive strange corruption with new radeonfb"
Previous message: Roman Zippel: "Re: Linux 2.6.3-rc4"
In reply to: Robert White: "RE: UTF-8 and case-insensitivity"
Next in thread: Ville Herva: "Re: UTF-8 and case-insensitivity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 17 Feb 2004, Robert White wrote:
>
> OK, so I wrote the below, but then in the summary I realized that there was
> a significant factor that doesn't fit in with the rest of the post. Case
> insensitivity, and more generally locale equivalence rules, is a security
> nightmare. Consider the number of different file names that "su" could map
> to if you apply case insensitivity (4) and/or worse yet the various accents
> and umlats (?,etc) that sort-equivalent for "u" in some locales. The user
> types "su" and runs "S(u-umlat)" etc.

This is but one reason why I will _refuse_ to make case insensitivity
magically start happening on regular "open()" etc calls.

You'd literally have to use a _different_ system call to do a
case-insensitive file open. Exactly because anything else would be very
confusing to existing apps (and thus be potential security holes).

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Charles Johnston: "Re: Linux 2.6.3-rc4 Massive strange corruption with new radeonfb"
Previous message: Roman Zippel: "Re: Linux 2.6.3-rc4"
In reply to: Robert White: "RE: UTF-8 and case-insensitivity"
Next in thread: Ville Herva: "Re: UTF-8 and case-insensitivity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]