Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: imp () VILLAGE ORG (Warner Losh)
Date: Thu, 9 Jul 1998 14:23:28 -0600
In message <m0ytvb6-000aQFC () the-village bc nu> Alan Cox writes: : C++ global object constructors are called in pretty much arbitary : order before main() is entererd. That's not entirely correct. C++ global object constructors need to be initialized before they are referenced, even if they are in a dynamically linked in library. This is traditionally done with a call to _main() as the first thing in main(). However, that nit-picking aside, you are correct that you cannot predict when the ctors will be called. : Its an interesting reason not to write setuid apps in C++ 8) Or just don't use global objects that have ctors. It is arguably bad form anyway :-). Well, you could use global objects, so long as they don't need to do privileged things, or carelessly rely on user input.. Warner
Current thread:
- ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Warner Losh (Jul 09)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- Re: ncurses 4.1 security bug matthew green (Jul 10)
- Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
- Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
- Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- sshd gives out version number Tom Dyas (Jul 09)
- Re: Forwared to me Solar Designer (Jul 09)
- Remote count.cgi exploit mods _ _ (Jul 09)