On Jul 8, 10:40am, Perry E. Metzger wrote:
> Subject: Re: ncurses 4.1 security bug
> > 2. If you are using C++ your constructors can't call libc in this case
> > as the order of constructors isnt defined
>
> ???
>
> Why not just drop privs at the beginning as you are supposed to?
>-- End of excerpt from Perry E. Metzger
because you dont know where the beginning is. Does every C++ constructor
"drop privs" ? it is my understanding that when you have global objects,
the constructors all get called before main() is invoked. The assumptions most
people use when writing C++ programs with globals tend to support this.
imagine this:
class jar
{
jar() { naughty_libc_call(); };
};
jar a;
jar b;
main()
{
other_stuff();
}
a.jar() and b.jar() are going to both get called before other_stuff(),
but you have no way of knowing in which order a.jar() b.jar() get called with
respect to each other. does jar() need to drop privs ? i hardly think so.
what happens when "class lazy_programmer{};" comes along ? must all of its
constructors also "drop privs" as well ? if every function "drops privs"
before main() ever starts, and every function does so in some random order, i
fail to see how you can create a useful set[ug]id program.
But then again Alan already told us not to use C++ for set[ug]id :)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:46 PDT