On Wed, Jan 19, 2005 at 08:28:07AM +0100, Andreas Aardal Hanssen wrote:
> On Wed, 19 Jan 2005, Peter Stuge wrote:
> >Uninitialized variables are initialized to 0 by the compiler, so if I
> >can manage to somehow make those LDAP calls fail, I will have root
> >access on your system via the network. Not good.
>
> If the memory beneath the variable is untouched, it will be 0 because
> that's its value at boot time. But 99.999999% of the time, it'll be
> garbage. And the compiler isn't required to clean up (gcc doesn't, and
> MSVC++ initializes it to garbage, if I'm not mistaken, to enforce a
> crash).
I initially wrote "should be initialized to 0" but changed it. I shouldn't have. :) I know that gcc doesn't zero uninitialized data, but I have read more than one person's posts claiming that ANSI C dictates the compiler to clear data. In any case, the data will be undefined, which is certainly not suitable as a parameter for setuid(), setreuid() or similar.

//Peter
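The defensive pattern the thread is circling, as an added example that is not part of the original mail thread or of whatever code Peter was reviewing. In C, only objects with static storage duration are guaranteed zero-initialization; an automatic variable that a failed lookup never wrote holds an indeterminate value, and if that value happens to be 0 a following setuid() keeps root. The example models the directory lookup with a constructed stub (`lookup_uid_for_user`, with a `fail` flag to exercise the failure path) and shows the hardened shape: the target uid starts at a sentinel (`NO_UID`, an assumption of this example), the lookup's return value is checked, uid 0 and the sentinel are refused, and the privilege drop is verified after setuid() returns.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Sentinel for "no uid resolved".  Assumption of this example: (uid_t)-1
 * is never a legitimate target account, which matches its use by
 * setreuid() to mean "leave unchanged". */
#define NO_UID ((uid_t)-1)

/* Constructed stand-in for the LDAP query the thread talks about.  Like a
 * real lookup it writes *out only on success; `fail` simulates the query
 * failing (server down, entry missing, and so on). */
static int lookup_uid_for_user(const char *user, int fail, uid_t *out)
{
    (void)user;                 /* the stub ignores the name */
    if (fail)
        return -1;              /* *out is deliberately left untouched */
    *out = 1000;                /* constructed value for the example */
    return 0;
}

/* The vulnerable shape described in the thread, kept as a comment because
 * it has undefined behaviour when the lookup fails:
 *
 *     uid_t uid;                           // automatic: indeterminate
 *     lookup_uid_for_user(user, 0, &uid);  // return value ignored
 *     setuid(uid);                         // uid may be garbage, or 0
 *
 * If the stack slot happens to hold 0, setuid(0) succeeds and the process
 * stays root; nothing in that code can notice. */

/* Hardened resolver: sentinel-initialised, lookup result checked, and root
 * or the sentinel refused as a target.  Returns 0 and sets *out on
 * success, -1 otherwise. */
static int resolve_uid_hardened(const char *user, int fail, uid_t *out)
{
    uid_t uid = NO_UID;         /* never leave it indeterminate */

    if (lookup_uid_for_user(user, fail, &uid) != 0)
        return -1;              /* lookup failed: do not guess */
    if (uid == NO_UID || uid == 0)
        return -1;              /* refuse the sentinel and root */
    *out = uid;
    return 0;
}

/* Drop to `uid` and verify the drop actually happened.  Returns 0 only if
 * both the real and effective uid now equal the target. */
static int drop_to_uid(uid_t uid)
{
    if (uid == NO_UID || uid == 0)
        return -1;              /* belt and braces: re-check the target */
    if (setuid(uid) != 0)
        return -1;              /* errno set by setuid() */
    if (getuid() != uid || geteuid() != uid)
        return -1;              /* the call "succeeded" but we are not uid */
    return 0;
}

int main(void)
{
    uid_t target;

    /* Failure path: a real lookup that fails must abort the drop, not
     * fall through with whatever was in the variable. */
    if (resolve_uid_hardened("alice", 1, &target) != 0)
        printf("lookup failed: refusing to call setuid()\n");

    /* Success path with the constructed uid 1000.  Actually calling
     * setuid() here needs root or an existing uid of 1000, so only
     * the resolution step is demonstrated. */
    if (resolve_uid_hardened("alice", 0, &target) == 0)
        printf("resolved uid %lu; would drop_to_uid() next\n",
               (unsigned long)target);
    return 0;
}
```

The sentinel alone is not the fix; the checked return value is. Initialising to 0 instead of `NO_UID` would turn the failure case into the very thing the thread warns about, and `drop_to_uid` re-checks the target because a resolver bug upstream should not be able to reach setuid(0) either.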
