Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: ncurses 4.1 security bugGeoffrey KEATING (geoffkDISCUS.ANU.EDU.AU)
Tue, 14 Jul 1998 18:34:46 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Jon Torrez: "Re: Slackware Shadow Insecurity"
- Previous message: Liviu Daia: "Re: Slackware Shadow Insecurity"
- In reply to: Ben Laurie: "Re: ncurses 4.1 security bug"
- Next in thread: Ben Laurie: "Re: ncurses 4.1 security bug"
> In C++ _you cant_ > > C++ global object constructors are called in pretty much arbitary > order before > main() is entererd. > > Its an interesting reason not to write setuid apps in C++ 8) Note that with ELF shared libraries, it is possible to have a shared library (written in C, C++, or any other language) that also has constructors that get executed before any code from the executable (possibly apart from crt0) gets run. So you can upgrade a harmless-looking library and make your system insecure because it was used by a setuid executable... -- Geoff Keating <Geoff.Keatinganu.edu.au>