Bugtraq mailing list archives

Re: ncurses 4.1 security bug

From: ben () ALGROUP CO UK (Ben Laurie)
Date: Sat, 11 Jul 1998 20:33:28 +0100


David Schwartz wrote:

Why is C++ bashing so popular? Why can't people get it right? According
to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
Initialization of Nonlocal Variables, p.218 (in the 3rd printing):

"Note that variables initialized by constant expressions cannot depend
on the value of objects from other translation units and do not[1]
require run-time initialization. Such variables are therefore safe to
use in all cases."

[1] The word "not" was missing until the 6th printing (see the errata).


        I believe this is a false statement and that the code I posted to bugtraq
before constitutes a counter-example. Consider the following variable
initialized by a constant expression:

        MyString Foo("test");

        'Foo' is a variable. '"test"' is a constant expression.


I think this is where you part from Stroustrup (and where I may have
misunderstood you). '"test"' is indeed a constant expression, but 'Foo'
is not initialized from it: the constructor is called with it, so, the
above statement does not apply to Foo. However, it does apply to
MyString::StringCount.

Now, Stroustrup
claims that this "cannot depend on the value of objects from other
translation units." Consider the following object from another translation
unit:

        int MyString::StringCount=0;

        And consider the following constructor:

        MyString(const char *)
        {
         StringCount++;
         ....
        };

        Now, here you see that a variable initialized by a constant expression CAN
depend on the value of objects from other translation units. So either we
are both misunderstanding Stroustrup or he is incorrect.


OK, you've misunderstood Stroustrup (IMO), and I've misunderstood you. I
agree that you can't know the value of StringCount when Foo is
initialised (because you don't know how many other MyStrings may have
been initialised), but you can know that StringCount will have been
zeroed before any MyStrings were initialised. So now I'm left wondering
what point you are actually trying to make (other than that we don't
know what order global contructors are initialised in)?

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

Current thread:

Netware 4.x Attack Tool Announcement, (continued)
- - - Netware 4.x Attack Tool Announcement Simple Nomad (Jul 13)
- Re: ncurses 4.1 security bug Casper Dik (Jul 09)
  - Re: ncurses 4.1 security bug Pavel Kankovsky (Jul 09)
- Re: ncurses 4.1 security bug Matt Evans (Jul 09)
  - Re: ncurses 4.1 security bug Warner Losh (Jul 10)
    - inetd can leak file descriptors +FIX Jeff Forys (Jul 14)
    - Re: ncurses 4.1 security bug Alexander Kjeldaas (Jul 15)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
  - Re: ncurses 4.1 security bug David Schwartz (Jul 11)
  - Re: ncurses 4.1 security bug Geoffrey KEATING (Jul 14)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
  - Re: ncurses 4.1 security bug David Schwartz (Jul 11)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 12)