[7210] in bugtraq
Re: ncurses 4.1 security bug
daemon@ATHENA.MIT.EDU (Matt Evans)
Thu Jul 9 19:47:18 1998
Date: Thu, 9 Jul 1998 16:17:25 -0400
Reply-To: Matt Evans <bmajik@NOCBOY.NTR.NET>
From: Matt Evans <bmajik@NOCBOY.NTR.NET>
X-To: perry@PIERMONT.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: "Perry E. Metzger" <perry@PIERMONT.COM> "Re: ncurses 4.1 security
bug" (Jul 8, 10:40am)
On Jul 8, 10:40am, Perry E. Metzger wrote:
> Subject: Re: ncurses 4.1 security bug
> > 2. If you are using C++ your constructors can't call libc in this case
> > as the order of constructors isnt defined
>
> ???
>
> Why not just drop privs at the beginning as you are supposed to?
>-- End of excerpt from Perry E. Metzger
because you dont know where the beginning is. Does every C++ constructor
"drop privs" ? it is my understanding that when you have global objects,
the constructors all get called before main() is invoked. The assumptions most
people use when writing C++ programs with globals tend to support this.
imagine this:
class jar
{
jar() { naughty_libc_call(); };
};
jar a;
jar b;
main()
{
other_stuff();
}
a.jar() and b.jar() are going to both get called before other_stuff(),
but you have no way of knowing in which order a.jar() b.jar() get called with
respect to each other. does jar() need to drop privs ? i hardly think so.
what happens when "class lazy_programmer{};" comes along ? must all of its
constructors also "drop privs" as well ? if every function "drops privs"
before main() ever starts, and every function does so in some random order, i
fail to see how you can create a useful set[ug]id program.
But then again Alan already told us not to use C++ for set[ug]id :)
