On Mon, Nov 15, 2021 at 05:58:38PM +0100, Ingo Schwarze wrote: > I don't know. A fairly reliable way to create security risks is > complexity. Apart from the erratic run time behaviour that is likely to > trip up sysadmins - LC_COLLATE can change the collation sequence even > among ASCII characters - collation support looks like a very effective > way of putting excessive complexity right into the C library.
Yes, but it only affects added functions, so it's not that bad, imo. Contrary to LC_CTYPE, you have to explicitly use the locale functions if you want locale order... it doesn't change the semantics of plain old C comparison. As far as the complexity goes, it's supposed to be a text file containing collate information that you compile into rules... Some rules are really "fun", but I don't think it's that bad... and we could always lock it to actual languages by default.