Yesterday, I saw an announcement for another GNU software package. It was said that "... multi-part message strings were re-formed to use a single printf formatting string".
But combining printf-format strings and gettext() can lead to security vulnerabilities. In "Write It Secure: Format Strings and Locale Filtering" <http://www.dwheeler.com/essays/write_it_secure_1.html> we find: "The GNU C libraries (glibc) were recently modified to protect against these vulnerabilities." but also "... note that this filtering only worked for setuid/setgid programs..."

GNU grep has many internationalized printf-format strings. It also has such strings that do not contain any %s but that are yet passed as format-string argument to a printf-like function (such as error()); this can easily be remedied by use of a "%s" before the other string as format-string argument. It also has strings whose internationalization can be questioned, such as the whole copyright notice line (instead of just its " (C)"/" ©" part, which would have the added benefit of not changing from release to release).

So, is there a GNU policy regarding this?
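The two points raised above, a translated string used directly as a format string versus the "%s" remedy, and a catalog check for it, as an added example that is not part of the original post nor of GNU grep or glibc. The message catalog, the `xlate()` lookup and the helper names are constructed for illustration; the directive-count check is a simplified version of the kind of consistency check msgfmt performs on c-format strings (it only counts directives, not their types or order).

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a gettext() message catalog (not a real .po file). */
struct entry { const char *msgid; const char *msgstr; };

static const struct entry catalog[] = {
    /* well-formed translation: no conversion directives on either side */
    { "Memory exhausted", "Mémoire épuisée" },
    /* defective translation: a directive appears in msgstr but not in msgid */
    { "No such file", "No such file %s" },
};

/* Look the msgid up; like gettext(), fall back to the msgid itself. */
static const char *xlate(const char *msgid)
{
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++)
        if (strcmp(catalog[i].msgid, msgid) == 0)
            return catalog[i].msgstr;
    return msgid;
}

/* Count printf conversion directives; "%%" is a literal percent sign, not a directive. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Catalog-side check: a translation may only be used as a format string
   if it carries exactly as many directives as its msgid. */
int translation_is_format_safe(const char *msgid)
{
    return count_directives(msgid) == count_directives(xlate(msgid));
}

/* Call-site remedy from the post: a fixed "%s" format with the translated
   text as an argument, so nothing from the catalog is parsed as a directive.
   The vulnerable pattern would be snprintf(out, n, xlate(msgid)). */
int format_message(char *out, size_t n, const char *msgid)
{
    return snprintf(out, n, "%s", xlate(msgid));
}

/* Returns 1 if format_message() reproduced the translation verbatim. */
int formatted_verbatim(const char *msgid)
{
    char buf[128];
    format_message(buf, sizeof buf, msgid);
    return strcmp(buf, xlate(msgid)) == 0;
}

int main(void)
{
    const char *ids[] = { "Memory exhausted", "No such file" };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        char buf[128];
        format_message(buf, sizeof buf, ids[i]);
        printf("%-18s -> %-20s format-safe=%d\n", ids[i], buf,
               translation_is_format_safe(ids[i]));
    }
    return 0;
}
```

With the "%s" form, the defective entry is printed literally as "No such file %s" instead of being interpreted; the catalog check reports it as unsafe so it can be rejected before it ships.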
