[7192] in bugtraq
Re: ncurses 4.1 security bug
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jul 9 12:57:48 1998
Date: Wed, 8 Jul 1998 15:53:27 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: perry@piermont.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807081440.KAA04566@jekyll.piermont.com> from "Perry E.
Metzger" at Jul 8, 98 10:40:09 am
> SUID programs should drop privs almost immediately. The number of
> possible places such issues can lurk is semi-infinite. You'll never
> get all of them. You *can*, however, drop privs almost instantly.

Almost is often the killer. On the rest of the issues I'm sure you are
preaching to the choir right now.

> > 1. The libraries will use message catalogs and may open them before
> > you do
>
> In NetBSD, the message catalogs we use don't work that way, so I
> suppose I'm not familiar with this issue.

Does libc load message databases of your choice - like say /dev/tape? The
problems are those of dropping privileges early enough. As to the bug list
that's real apps that need fixing - and should be fixed regardless of whether
people bandaid ncurses.

> > 2. If you are using C++ your constructors can't call libc in this case
> > as the order of constructors isn't defined
>
> ???
>
> Why not just drop privs at the beginning as you are supposed to?

In C++ _you can't_.

C++ global object constructors are called in pretty much arbitrary order before
main() is entered.

It's an interesting reason not to write setuid apps in C++ 8)
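
An added illustration of the constructor-ordering point in the message above (not code from either poster): a global object's constructor records the effective uid it runs with and whether main() has started, and main() then drops privileges permanently. `EarlyProbe`, `g_probe`, `g_main_entered` and `drop_privs_permanently` are hypothetical names; the drop assumes POSIX setregid()/setreuid().

```cpp
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>

// Constant-initialized, so it is already false when dynamic initializers run.
static bool g_main_entered = false;

// Stand-in for any global object in the program or a linked library.
// Its constructor runs before main(), so in a setuid binary it (and any
// libc call it makes) still runs with the elevated effective uid.
struct EarlyProbe {
    uid_t euid_at_ctor;
    bool  main_seen;
    EarlyProbe() : euid_at_ctor(geteuid()), main_seen(g_main_entered) {}
};
static EarlyProbe g_probe;

// Permanently give up set-id privileges: group first, then user.
// Setting the real id as well makes the kernel reset the saved id too.
// Returns 0 on success, -1 if anything could not be dropped or verified.
int drop_privs_permanently() {
    const uid_t ruid = getuid(), old_euid = geteuid();
    const gid_t rgid = getgid(), old_egid = getegid();
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    // If we really were elevated, regaining the old ids must now fail.
    // (Skipped when the real user is root, who can always switch ids.)
    if (ruid != 0 && old_egid != rgid && setegid(old_egid) == 0) return -1;
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0) return -1;
    return 0;
}

int main() {
    g_main_entered = true;
    // Earliest point the program's own code can drop privileges.
    if (drop_privs_permanently() != 0) {
        std::fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    std::printf("constructor ran before main: %s\n",
                g_probe.main_seen ? "no" : "yes");
    std::printf("euid in constructor: %ld, euid now: %ld\n",
                (long)g_probe.euid_at_ctor, (long)geteuid());
    return 0;
}
```

Installed setuid, the program reports the elevated euid for the constructor and the real uid afterwards; run normally, both values are the same.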