Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: geoffk () DISCUS ANU EDU AU (Geoffrey KEATING)
Date: Tue, 14 Jul 1998 18:34:46 +1000
In C++ _you cant_ C++ global object constructors are called in pretty much arbitary order before main() is entererd. Its an interesting reason not to write setuid apps in C++ 8)
Note that with ELF shared libraries, it is possible to have a shared library (written in C, C++, or any other language) that also has constructors that get executed before any code from the executable (possibly apart from crt0) gets run. So you can upgrade a harmless-looking library and make your system insecure because it was used by a setuid executable... -- Geoff Keating <Geoff.Keating () anu edu au>
Current thread:
- Re: Forwared to me, (continued)
- Re: Forwared to me Illuminatus Primus (Jul 13)
- Netware 4.x Attack Tool Announcement Simple Nomad (Jul 13)
- Re: ncurses 4.1 security bug Casper Dik (Jul 09)
- Re: ncurses 4.1 security bug Pavel Kankovsky (Jul 09)
- Re: ncurses 4.1 security bug Matt Evans (Jul 09)
- Re: ncurses 4.1 security bug Warner Losh (Jul 10)
- inetd can leak file descriptors +FIX Jeff Forys (Jul 14)
- Re: ncurses 4.1 security bug Alexander Kjeldaas (Jul 15)
- Re: ncurses 4.1 security bug Warner Losh (Jul 10)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
- Re: ncurses 4.1 security bug David Schwartz (Jul 11)
- Re: ncurses 4.1 security bug Geoffrey KEATING (Jul 14)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
- Re: ncurses 4.1 security bug David Schwartz (Jul 11)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 12)