ksysguard says: C++ programs should NEVER have setgid/setuid permissions
Thiago Macieira
thiago at kde.org
Fri Jan 8 18:50:21 GMT 2010
Em Sexta-feira 08 Janeiro 2010, às 17:17:06, Martin Koller escreveu:
> Hi folks,
>
> I stumbled over the following comment in ksysguard's Porting-HOWTO:
>
> "Since C++ programs
> should NEVER have setgid/setuid permissions, a plain C back-end was
> needed."
>
> Can anyone enlighten me, why there should be a difference with a setuid
> program coded in C, C++ or anything else which is a compiled language ?
The comment is wrong.
However, when you make a setuid program, you should be aware if the libraries
you're using are safe for setuid code, regardless of which language you
choose. The language itself is not a factor.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Senior Product Manager - Nokia, Qt Development Frameworks
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100108/fb78169a/attachment.sig>
More information about the kde-core-devel
mailing list