
Re: C++ language has a big security hole.

From: Tiago Freire <tmiguelf_at_[hidden]>
Date: Mon, 17 Feb 2025 10:48:27 +0000
If hacker gains control of memory by performing remote code execution, you are already owned.
It doesn’t matter if it’s C++, Rust or whatever, it makes absolutely no difference, that’s not how computers work.
You have already been breached, protections designed for code before it’s compiled do bugger all at that point, that’s not how you do security.


From: Std-Discussion <std-discussion-bounces_at_[hidden]> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 11:34 AM
To: mauro russo <ing.russomauro_at_[hidden]>
Cc: Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
Subject: Re: [std-discussion] C++ language has a big security hole.

I had read many times that hackers have taken control of a system by using an RCE (Remote Code Execution) attack.

So, they are also doing it from outside the process.

The virtual table pointer is at the bottom of the C++ object structure. So, the virtual function addresses can be changed to some other code/function address.

But anyways, I just highlighted this. It's ok with me if there is no security issue because of this.

Regards,
Amit


On Mon, Feb 17, 2025, 3:43 PM mauro russo <ing.russomauro_at_[hidden]<mailto:ing.russomauro_at_[hidden]>> wrote:
please,

read "Private variables in a C++ class can't be accessed directly" in the correct perspective.

Hackers operate from outside the process, not from inside the process.

Il giorno lun 17 feb 2025 alle ore 11:10 Amit via Std-Discussion <std-discussion_at_[hidden]<mailto:std-discussion_at_[hidden]>> ha scritto:
I don't know. I am not a hacker. I am just saying that maybe hackers know or maybe not.

But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.

"Private variables in a C++ class can't be accessed directly" is a very popular statement.

Regards,
Amit


On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]<mailto:tmiguelf_at_[hidden]>> wrote:
How?


From: Std-Discussion <std-discussion-bounces_at_[hidden]<mailto:std-discussion-bounces_at_[hidden]>> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 10:54 AM
To: Jan Schultke <janschultke_at_[hidden]<mailto:janschultke_at_[hidden]>>
Cc: Amit <amitchoudhary0523_at_gmail.com<mailto:amitchoudhary0523_at_[hidden]>>; std-discussion_at_[hidden]<mailto:std-discussion_at_[hidden]>
Subject: Re: [std-discussion] C++ language has a big security hole.

In all C++ object layouts, I have seen that members follow the previous one as in a C structure.

My main point is that hackers/bad people can take advantage of this.

Regards,
Amit


On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]<mailto:janschultke_at_[hidden]>> wrote:
Your code has undefined behavior because you cannot obtain your j_ptr
by doing i_ptr + 1. A past-the-end pointer is not a pointer to the
next member.

However, the example is correct without j_ptr. It is possible to
obtain a pointer to the first member of a standard-layout class such
as MyClass, even if that member is private.

I wouldn't really call it a security hole. The only way you will do
this in idiomatic C++ code is with reinterpret_cast, and
reinterpret_cast is a giant red flag which says "I'm an expert, I know
what I'm doing, and what I'm doing is potentially dangerous". This
never happens by accident.
--
Std-Discussion mailing list
Std-Discussion_at_[hidden]<mailto:Std-Discussion_at_[hidden]>
https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion

Received on 2025-02-17 10:48:31
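The two technical points in the thread, as an added example that is not part of the original messages: a pointer to a standard-layout class object can be reinterpret_cast to a pointer to its first member even when that member is private (this is guaranteed by the standard, access control is a compile-time rule only), while stepping from that pointer with `+ 1` to reach the next member is undefined behaviour. The class name `MyClass` is taken from Jan's reply; its body, the layout twin `MyClassLayout` and the `Polymorphic` type are assumptions for this example, since the original code is not on the page. The well-defined way to reach a later member from outside is an offset from a layout-compatible struct (or `offsetof` on the class itself); adding a virtual function removes the standard-layout guarantee entirely, so the vtable-pointer claim in the thread has no language-level backing.

```cpp
#include <cstddef>
#include <cstring>
#include <type_traits>

// Assumed body for the MyClass from the thread: two private ints, nothing virtual.
class MyClass {
public:
    MyClass(int i, int j) : i_(i), j_(j) {}
    int i() const { return i_; }
    int j() const { return j_; }
private:
    int i_;
    int j_;
};

// Hypothetical public twin with the same member sequence. Two standard-layout structs whose
// members are pairwise layout-compatible are layout-compatible, so their member offsets agree.
struct MyClassLayout {
    int i;
    int j;
};

// The first-member guarantee below exists only for standard-layout classes.
static_assert(std::is_standard_layout<MyClass>::value,
              "MyClass must be standard-layout for the reinterpret_cast to be well-defined");
static_assert(std::is_standard_layout<MyClassLayout>::value &&
              sizeof(MyClassLayout) == sizeof(MyClass),
              "layout twin must match MyClass");

// Well-defined: a pointer to a standard-layout object, converted with reinterpret_cast,
// points to its initial member. 'private' does not exist in the object representation.
int read_first_member(const MyClass& obj) {
    return *reinterpret_cast<const int*>(&obj);
}

// Equally well-defined, and equally indifferent to access control.
void overwrite_first_member(MyClass& obj, int value) {
    *reinterpret_cast<int*>(&obj) = value;
}

// What the original post did: first + 1. 'first' points to a single int object, so first + 1
// is a one-past-the-end pointer and dereferencing it is undefined behaviour, even though the
// bytes of j_ usually sit right there. Use the offset of the corresponding member instead.
int read_second_member(const MyClass& obj) {
    const int* first = reinterpret_cast<const int*>(&obj);
    // return *(first + 1);   // UB: past-the-end pointer, not a pointer to j_
    (void)first;

    const unsigned char* bytes = reinterpret_cast<const unsigned char*>(&obj);
    int value;
    std::memcpy(&value, bytes + offsetof(MyClassLayout, j), sizeof value);
    return value;
}

// Hypothetical polymorphic type: one virtual function and the class is no longer
// standard-layout, so nothing above is guaranteed for it (nor is the vptr's position).
struct Polymorphic {
    virtual ~Polymorphic() = default;
    int x = 0;
};
static_assert(!std::is_standard_layout<Polymorphic>::value,
              "a class with virtual functions is never standard-layout");

int main() {
    MyClass obj(1, 2);
    overwrite_first_member(obj, 42);           // bypasses 'private' without UB
    bool ok = obj.i() == 42 && read_first_member(obj) == 42 && read_second_member(obj) == 2;
    return ok ? 0 : 1;
}
```

Compile with `-fsanitize=undefined` and uncomment the `first + 1` line to see why Jan's objection matters in practice: the sanitizer and the optimizer are both entitled to assume that dereference never happens.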