Re: ncurses 4.1 security bug

From: Ben Laurie (benat_private)
Date: Sat Jul 11 1998 - 03:56:41 PDT


    David Schwartz wrote:
    >
    > > In C++ _you can't_
    > >
    > > C++ global object constructors are called in pretty much arbitrary
    > > order before main() is entered.
    > >
    > > It's an interesting reason not to write setuid apps in C++ 8)
    >
    >         Constructing global objects is bad anyway for a variety of reasons and
    > tends to cause subtle bugs since the order is indeterminate. For example, if
    > a class initializes global objects for its own tracking and you create an
    > instance of the class globally, you have no way to know whether the class is
    > internally ready to function or not. In general, you have no way to know if
    > a class relies upon global initialization.
    >
    >         Imagine if you do, globally, 'MyString foo("test");' but unknown to you,
    > 'MyString.h' has:
    >
    > class MyString
    > {
    >  private:
    >  static int StringCount;
    >  ...
    >  public:
    >  MyString(const char *f)
    >  {
    >   StringCount++;
    >   ...
    >  }
    > };
    >
    >         and 'MyString.cpp' has:
    >
    > int MyString::StringCount=0;
    >
    >         Constructing an instance of such a class globally is suicide.
    >
    >         It's far better to use global _pointers_ and initialize them with calls to
    > 'new' from your 'main' function. Constructing 'complex' global objects is a
    > losing proposition to begin with. And, in general, almost every global
    > variable can be eliminated by clean coding.
    
    Why is C++ bashing so popular? Why can't people get it right? According
    to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
    Initialization of Nonlocal Variables, p.218 (in the 3rd printing):
    
    "Note that variables initialized by constant expressions cannot depend
    on the value of objects from other translation units and do not[1]
    require run-time initialization. Such variables are therefore safe to
    use in all cases."
    
    [1] The word "not" was missing until the 6th printing (see the errata).
    
    And if that doesn't make you happy, Stroustrup also provides a way to
    make the initialisation happen at the right moment, by using a function
    that returns a reference to a local static.
    
    OTOH, I agree that global constructors should be avoided where possible.
    
    Cheers,
    
    Ben.
    
    --
    Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
    Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
    and Technical Director|Email: benat_private |
    A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
    London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
    
    WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
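As an added example (not code from the thread, and not the quoted MyString class verbatim), the C++ below puts the three initialization strategies discussed in this exchange side by side in one translation unit: a static counter initialized by a non-constant expression (the hazard David describes), one initialized by a constant expression (the case Stroustrup calls safe), and Stroustrup's function-returning-a-reference-to-a-local-static remedy that Ben mentions. The class `Tracked`, the helper `runtime_zero` (whose volatile read keeps the compiler from folding the initializer, forcing dynamic initialization), and the accessor functions are assumptions introduced for the illustration. The global `Tracked` object is deliberately defined before the definitions of its static counters, mirroring the `MyString foo("test")` scenario.

```cpp
#include <cstdio>

// Hypothetical helper: the volatile read cannot be folded at compile time, so
// a static variable initialized from it gets *dynamic* initialization (run at
// start-up, in definition order within this translation unit).
static int runtime_zero() {
    volatile int v = 0;
    return v;
}

// Stroustrup's remedy as cited in the thread: a function returning a reference
// to a local static. The counter is constructed on first use, so it is ready
// no matter which global constructor touches it first.
static int& live_count() {
    static int count = 0;
    return count;
}

// Assumed class: each constructor bumps three counters that differ only in
// how they are initialized.
class Tracked {
public:
    static int dynamic_count;   // initialized by a non-constant expression
    static int constant_count;  // initialized by a constant expression

    explicit Tracked(const char* name) : name_(name) {
        ++dynamic_count;
        ++constant_count;
        ++live_count();
    }
    const char* name() const { return name_; }

private:
    const char* name_;
};

// Global instance defined *before* the counters below, as in the thread's
// 'MyString foo("test");' example.
Tracked global_tracked("test");

// Constant initialization happens before any dynamic initialization, so the
// increment performed by global_tracked's constructor survives.
int Tracked::constant_count = 0;

// Dynamic initialization runs after global_tracked's constructor (definition
// order) and overwrites the counter with 0, silently losing the increment.
int Tracked::dynamic_count = runtime_zero();

// Counter values observed once static initialization has finished.
int counted_dynamically()  { return Tracked::dynamic_count; }
int counted_constantly()   { return Tracked::constant_count; }
int counted_on_first_use() { return live_count(); }

int main() {
    std::printf("object constructed:     %s\n", global_tracked.name());
    std::printf("dynamic-init counter:   %d (increment lost)\n", counted_dynamically());
    std::printf("constant-init counter:  %d\n", counted_constantly());
    std::printf("local-static counter:   %d\n", counted_on_first_use());
    return 0;
}
```

Within a single translation unit the order is at least defined (definition order), which is what makes the lost increment reproducible here; across translation units it is unspecified, so a counter like `dynamic_count` may or may not be clobbered depending on link order. Both `constant_count` and `live_count()` are immune to that, which is the practical content of the Stroustrup passage Ben quotes.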
    
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:19 PDT