Eric Blake wrote: > On 10/08/2014 08:52 AM, Stephane Chazelas wrote: > > When bash parses code it honours the "blank" character class in > > the current locale as token separator. > > > > For instance, if "x" is a blank character in the current locale, > > Such a locale is invalid per POSIX; but the invalidity of the locale > doesn't stop it from being a potential attack vector :)
Is it? I looked at locale definition [1] but it only seems to define what the POSIX/C locale must be, not any restriction on what a locale could impose. It seems to me that a Klingon locale where everything outside U+F8D0 - U+F8FF [2] were considered a blank would be conformant (although an Earth application using such locale would hit a lot of undefined cases ☺). 1- http://pubs.opengroup.org/onlinepubs/7908799/xbd/locale.html 2- http://www.evertype.com/standards/csur/klingon.html
