[7213] in bugtraq
Re: ncurses 4.1 security bug
daemon@ATHENA.MIT.EDU (Warner Losh)
Fri Jul 10 12:16:02 1998
Date: Thu, 9 Jul 1998 14:23:28 -0600
Reply-To: Warner Losh <imp@VILLAGE.ORG>
From: Warner Losh <imp@VILLAGE.ORG>
X-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Wed, 08 Jul 1998 15:53:27 BST."
<m0ytvb6-000aQFC@the-village.bc.nu>
In message <m0ytvb6-000aQFC@the-village.bc.nu> Alan Cox writes:
: C++ global object constructors are called in pretty much arbitary
: order before main() is entererd.
That's not entirely correct. C++ global object constructors need to be
initialized before they are referenced, even if they are in a
dynamically linked in library. This is traditionally done with a call
to _main() as the first thing in main().
However, that nit-picking aside, you are correct that you cannot
predict when the ctors will be called.
: Its an interesting reason not to write setuid apps in C++ 8)
Or just don't use global objects that have ctors. It is arguably bad
form anyway :-). Well, you could use global objects, so long as they
don't need to do privileged things, or carelessly rely on user input..
Warner
