Re: ncurses 4.1 security bug

[bmajik () NOCBOY NTR NET (Matt Evans)]

On Jul 8, 10:40am, Perry E. Metzger wrote:
> Subject: Re: ncurses 4.1 security bug

> > 2.    If you are using C++ your constructors can't call libc in this case
> >       as the order of constructors isnt defined
>
> ???
>
> Why not just drop privs at the beginning as you are supposed to?

> -- End of excerpt from Perry E. Metzger

because you dont know where the beginning is.  Does every C++ constructor
"drop privs" ?  it is my understanding that when you have global objects,
the constructors all get called before main() is invoked.  The assumptions most
people use when writing C++ programs with globals tend to support this.

imagine this:

class jar
{
        jar() { naughty_libc_call(); };
};

jar a;
jar b;

main()
{
        other_stuff();
}

a.jar() and b.jar() are going to both get called before other_stuff(),
but you have no way of knowing in which order a.jar() b.jar() get called with
respect to each other.  does jar() need to drop privs ?  i hardly think so.
what happens when "class lazy_programmer{};" comes along ?  must all of its
constructors also "drop privs" as well ?  if every function "drops privs"
before main() ever starts, and every function does so in some random order, i
fail to see how you can create a useful set[ug]id program.

But then again Alan already told us not to use C++ for set[ug]id :)