by davidhyde 2144 days ago
A uid of 0 being root is just such a bad idea to begin with because 0 is a default value of so many data types. It’s an accident waiting to happen and, in this case, a good way to hide something malicious as an accident.
2 comments

>and, in this case, a good way to hide something malicious as an accident

The number could've been 2342 and the backdoor would've worked exactly the same way.

Hey, that's the combination to my luggage!
AFAIK only external and static variables are default initialized in C. For all other variables, the default value is undefined, so 0 is as good a choice as any other here.
Except that uninitialised memory is substantially more likely to be 0 than any other value.
Except sometimes it is not, and forgetting to initialize a variable in C/C++ leads to very insidious bugs that no one can reliably reproduce.
That's not quite true. While it is undefined, 0 is a fairly common value for memory and registers, meaning that your "undefined" value is likely 0 a higher than average amount of the time.
There is also the issue that (at least on some platforms) ECC memory must be initialized before being read, or an exception will occur.
If you use malloc, yes. calloc will initialize the variables.
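
The zero-default concern raised in this thread, as an added example that is not part of any comment above: a `calloc`'d credential record that nobody filled in passes a `uid == 0` root check, while a record carrying a non-zero validity tag fails closed. The struct names, function names and `CRED_MAGIC` are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CRED_MAGIC 0x43524544u /* arbitrary non-zero tag (assumption) */

/* Hypothetical records, constructed for this example. */
struct cred_naive  { uint32_t uid; };                 /* 0 == root */
struct cred_tagged { uint32_t magic; uint32_t uid; }; /* magic set only by init */

int naive_is_root(const struct cred_naive *c) { return c->uid == 0; }

int tagged_is_root(const struct cred_tagged *c)
{
    if (c->magic != CRED_MAGIC) /* zeroed or never initialised: deny */
        return 0;
    return c->uid == 0;
}

void cred_tagged_init(struct cred_tagged *c, uint32_t uid)
{
    c->magic = CRED_MAGIC; /* only explicit initialisation makes it valid */
    c->uid = uid;
}

/* A calloc'd record that nobody filled in: is it treated as root? */
int zeroed_naive_is_root(void)
{
    struct cred_naive *c = calloc(1, sizeof *c);
    if (c == NULL) return -1;
    int r = naive_is_root(c);
    free(c);
    return r;
}

int zeroed_tagged_is_root(void)
{
    struct cred_tagged *c = calloc(1, sizeof *c);
    if (c == NULL) return -1;
    int r = tagged_is_root(c);
    free(c);
    return r;
}

int main(void)
{
    printf("naive: %d, tagged: %d\n", zeroed_naive_is_root(), zeroed_tagged_is_root());
    return 0;
}
```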