[7235] in bugtraq
Re: ncurses 4.1 security bug
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jul 13 12:15:54 1998
Date: Sat, 11 Jul 1998 11:56:41 +0100
Reply-To: Ben Laurie <ben@ALGROUP.CO.UK>
From: Ben Laurie <ben@ALGROUP.CO.UK>
X-To: David Schwartz <davids@webmaster.com>
To: BUGTRAQ@NETSPACE.ORG
David Schwartz wrote:
>
> > In C++ _you can't_
> >
> > C++ global object constructors are called in pretty much arbitrary
> > order before
> > main() is entered.
> >
> > It's an interesting reason not to write setuid apps in C++ 8)
>
> Constructing global objects is bad anyway for a variety of reasons and
> tends to cause subtle bugs since the order is indeterminate. For example, if
> a class initializes global objects for its own tracking and you create an
> instance of the class globally, you have no way to know whether the class is
> internally ready to function or not. In general, you have no way to know if
> a class relies upon global initialization.
>
> Imagine if you do, globally, 'MyString foo("test");' but unknown to you,
> 'MyString.h' has:
>
> class MyString
> {
>  private:
>   static int StringCount;
>   ...
>  public:
>   MyString(const char *f)
>   {
>     StringCount++;
>     ...
>   }
> };
>
> and 'MyString.cpp' has:
>
> int MyString::StringCount=0;
>
> Constructing an instance of such a class globally is suicide.
>
> It's far better to use global _pointers_ and initialize them with calls to
> 'new' from your 'main' function. Constructing 'complex' global objects is a
> losing proposition to begin with. And, in general, almost every global
> variable can be eliminated by clean coding.

Why is C++ bashing so popular? Why can't people get it right? According
to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
Initialization of Nonlocal Variables, p.218 (in the 3rd printing):

"Note that variables initialized by constant expressions cannot depend
on the value of objects from other translation units and do not[1]
require run-time initialization. Such variables are therefore safe to
use in all cases."

[1] The word "not" was missing until the 6th printing (see the errata).

And if that doesn't make you happy, Stroustrup also provides a way to
make the initialisation happen at the right moment, by using a function
that returns a reference to a local static.

OTOH, I agree that global constructors should be avoided where possible.

Cheers,

Ben.

--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
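
Added example, not part of the original message: a sketch of the two cases the reply distinguishes, a static initialized by a constant expression and a non-trivial static reached through a function that returns a reference to a local static. The class `Tracked` and every name in it are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical class for illustration; none of these names come from the thread.
class Tracked {
public:
    explicit Tracked(const char *name) {
        ++count_;                 // safe: count_ is initialized by a constant expression
        names().push_back(name);  // safe: names() constructs its vector on first use
    }
    static int count() { return count_; }

    // Function returning a reference to a local static: the vector is
    // constructed the first time control reaches the declaration, so it
    // exists before any caller can touch it, whatever the order in which
    // global objects are constructed. (Since C++11 this first-use
    // initialization is also thread-safe.)
    static std::vector<std::string> &names() {
        static std::vector<std::string> v;
        return v;
    }

private:
    static int count_;
};

// Global objects: their constructors run before main() is entered.
Tracked g_first("first");
Tracked g_second("second");

// Deliberately defined after the globals. Constant initialization is done
// before any run-time (dynamic) initialization, so count_ is already 0
// when the constructors above execute.
int Tracked::count_ = 0;

std::size_t registered() { return Tracked::names().size(); }

int main() {
    return (Tracked::count() == 2 && registered() == 2) ? 0 : 1;
}
```

Had `names()` been replaced by a plain `static std::vector<std::string>` member defined in another translation unit, the constructors of `g_first` and `g_second` could run before that vector was constructed.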