> SUID programs should drop privs almost immediately. The number of > possible places such issues can lurk is semi-infinite. You'll never > get all of them. You *can*, however, drop privs almost instantly. Almost is often the killer. On the rest of the issues Im sure you are preaching to the choir right now > > 1. The libraries will use message catalogs and may open them before > > you do > > In NetBSD, the message catalogs we use don't work that way, so I > suppose I'm not familiar with this issue. Does libc load message databases of your choice - like say /dev/tape ? The problems are those of dropping privliedges early enough. As to the bug list thats real apps that need fixing - and should be fixed regardless of whether people bandaid ncurses. > > 2. If you are using C++ your constructors can't call libc in this case > > as the order of constructors isnt defined > > ??? > > Why not just drop privs at the beginning as you are supposed to? In C++ _you cant_ C++ global object constructors are called in pretty much arbitary order before main() is entererd. Its an interesting reason not to write setuid apps in C++ 8)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:22 PDT