Patch for incorrect charset in notification emails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo |
Unknown
|
Unknown
|
|||
sudo (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sudo
sudo uses strftime() to generate the date string in the notification mails sent to administrators when something fishy happens. strftime() generates the date according to locale env vars. This could result in date strings containing arbitrary characters in arbitrary charsets (think UTF-8 in far eastern languages).
By default, email messages are us-ascii. sudo does no conversion of the data returned by strftime (which is in the user's current charset) to the default us-ascii charset. This causes non-ascii dates to come through as garbage.
Solution:
1. stop using strftime. The code actually has the strftime code in a IFDEF, remove that whole ifdef, and use ctime, which is ascii.
2. insert charset information into the notification email. add header (Content-Type: text/plain; charset=
downside of solution 2:
1. 8bit transfer encoding is required. 8bit is not strictly supported by SMTP, although is supported by most MTA's, probably all MTA's in the Ubuntu repo.
2. Also, since the strftime uses the locale of the user, it could represent the date in some language unreadable by the sysadmin (who receives the notification, but does not necessarily read the same language as the user who committed whatever offense). ctime() always represents the date in English ASCII. I think we can safely assume the large majority of sysadmins out there can read English ASCII?
I've attached a patch to only use ctime in notification emails and logging. Since launch pad only allows one attachment at time of bug creation, I'll try attach the other patch after I've submitted this. Here's hoping I can do that.
Just for clarity, propose one of the two solutions, not both. You choice. I prefer using only ctime()