Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: ncurses 4.1 security bug

Re: ncurses 4.1 security bug

Warner Losh (impVILLAGE.ORG)
Thu, 9 Jul 1998 14:23:28 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Schwartz: "Re: ncurses 4.1 security bug"
Previous message: Jeffrey Hutzelman: "Re: Linux kernel filesystem oddities"
In reply to: Alan Cox: "Re: ncurses 4.1 security bug"
Next in thread: matthew green: "Re: ncurses 4.1 security bug"

In message <m0ytvb6-000aQFCthe-village.bc.nu> Alan Cox writes:
: C++ global object constructors are called in pretty much arbitary
: order before main() is entererd.

That's not entirely correct.  C++ global object constructors need to be
initialized before they are referenced, even if they are in a
dynamically linked in library.  This is traditionally done with a call
to _main() as the first thing in main().

However, that nit-picking aside, you are correct that you cannot
predict when the ctors will be called.

: Its an interesting reason not to write setuid apps in C++ 8)

Or just don't use global objects that have ctors.  It is arguably bad
form anyway :-).  Well, you could use global objects, so long as they
don't need to do privileged things, or carelessly rely on user input..

Warner

Next message: David Schwartz: "Re: ncurses 4.1 security bug"
Previous message: Jeffrey Hutzelman: "Re: Linux kernel filesystem oddities"
In reply to: Alan Cox: "Re: ncurses 4.1 security bug"
Next in thread: matthew green: "Re: ncurses 4.1 security bug"