Re: ncurses 4.1 security bug

From: Alan Cox (alanat_private)
Date: Wed Jul 08 1998 - 05:45:58 PDT


    > Duncan Simpson writes:
    > > ncurses version 4.1 fails to drop privileges before opening the
    > > termcap database and you can set any file(s) you like.
    >
    > This is not a bug. ncurses is a *library*, not a *program*. It is up
    > to suid programs to drop privileges, not every call that invokes them --
    > or are you going to declare the fact that fopen() doesn't drop
    > privileges a "bug"?
    
    Depends how you care to look at it. I can agree with your reasoning.
    
    In which case there is a bug in
            screen   (as root so very bad)
            dosemu
            mutt
            several bsd-games packages
    
    and almost every other setuid/setgid binary that uses ncurses, termcap or slang
    anywhere on the planet today. Also of course any setuid/setgid applications
    using NLS or TZ. The latter is far nastier because
    
    1.      The libraries will use message catalogs and may open them before
            you do
    
    2.      If you are using C++ your constructors can't call libc in this case
            as the order of constructors isn't defined
    
    3.      Is anyone's ld.so internationalised? Which OSes have C libraries
            that load TZ or NLS data at library initialisation time before
            the app starts?
    
    4.      Dropping TZ or NLS when setuid is really obnoxious - Japanese users
            will love having mutt, screen, and things like su in English.
    
    And of course your comment is inconsistent with LD_PRELOAD handling on
    every OS so far - ld.so is a shared object too.
    
    Alan
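
The mitigation the thread argues about, as an added example that is not code from the thread or from ncurses: a set-id program links ncurses, so it gives up its privileges and removes the environment variables that steer where termcap/terminfo data is read from before the first tgetent()/setupterm()/initscr() call. The variable list and the function names are this example's own assumptions; Alan's C++ point still applies, since static constructors run before main() and are not covered by this.

```c
/* Added example, not from the thread: drop set-id privileges and scrub
 * terminal-database lookup variables before ncurses opens anything. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Variables that redirect termcap/terminfo lookups (assumed list; check
 * the documentation of the library you actually link). */
static const char *const unsafe_vars[] = {
    "TERMCAP", "TERMINFO", "TERMINFO_DIRS", "TERMPATH", NULL
};

/* Remove every lookup variable that is set; returns how many were removed. */
int scrub_terminal_env(void)
{
    int removed = 0;
    for (const char *const *v = unsafe_vars; *v != NULL; v++) {
        if (getenv(*v) != NULL && unsetenv(*v) == 0)
            removed++;
    }
    return removed;
}

/* Permanently become the real user: supplementary groups first (root only),
 * then gid, then uid, so that dropping the uid cannot make setregid fail.
 * A non -1 real id also resets the saved id on Linux. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    /* Verify rather than trusting the return codes alone. */
    if (getuid() != ruid || geteuid() != ruid) return -1;
    if (getgid() != rgid || getegid() != rgid) return -1;
    return 0;
}

int main(void)
{
    /* First thing in main(), before any ncurses or termcap call. */
    if (drop_privileges() != 0) { perror("drop_privileges"); return 1; }
    int n = scrub_terminal_env();
    printf("privileges dropped, %d lookup variable(s) removed\n", n);
    /* ... initscr() or tgetent() is safe to call from here on ... */
    return 0;
}
```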
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:23 PDT