Date: Mon, 17 Feb 2025 16:39:52 +0530
How do you know when I was born? I have seen many people on mailing lists
who make assumptions without thinking much.
I was born before Microsoft was born.
Well, I had identified the private keyword flaw in 2004 but I didn't do
anything about it.
I actually wouldn't have designed C++ this way where a key feature of the
language can be rendered useless so easily.
But anyways, I don't program in C++ and will never program in C++ even if I
am getting less salary in any other language.
I just don't like C++ because it is not a truly object oriented language.
Friend functions break the whole object oriented concept. Besides, I think
C++ is a complex language and good/expert programmers are hard to find.
Other than Google, I know of few projects that failed because it was in
C++, not many experts available in C++.
In fact I have always stopped moving my project(s) from C to C++.
I have also seen few projects that just used C++ to wrap C code.
Regards,
Amit
On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
> What you are describing is known to every developer that is learning how
> to code, it has been there for over 30 years.
>
> In fact, this is not exclusive to C++, it’s been a thing in programming
> since before you were born.
>
> Wouldn’t you think if it was such a security risk as you claim, that
> developers wouldn’t have patched that by now?
>
> Or is it rather more likely that we know something you don’t?
>
> *From:* Amit <amitchoudhary0523_at_[hidden]>
> *Sent:* Monday, February 17, 2025 11:10 AM
> *To:* Tiago Freire <tmiguelf_at_[hidden]>
> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
> janschultke_at_[hidden]>
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
> I don't know. I am not a hacker. I am just saying that maybe hackers know
> or maybe not.
>
> But I can definitely mess up any object. So, data is not quite safe in C++
> as it has been advertised.
>
> "Private variables in a C++ class can't be accessed directly" is a very
> popular statement.
>
> Regards,
>
> Amit
>
> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
> How?
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 10:54 AM
> *To:* Jan Schultke <janschultke_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
> In all C++ object layouts, I have seen that members follow the previous
> one as in a C structure.
>
> My main point is that hackers/bad people can take advantage of this.
>
> Regards,
>
> Amit
>
> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
> wrote:
>
> Your code has undefined behavior because you cannot obtain your j_ptr
> by doing i_ptr + 1. A past the end pointer is not a pointer to the
> next member.
>
> However, the example is correct without j_ptr. It is possible to
> obtain a pointer to the first member of a standard-layout class such
> as MyClass, even if that member is private.
>
> I wouldn't really call it a security hole. The only way you will do
> this in idiomatic C++ code is with reinterpret_cast, and
> reinterpret_cast is a giant red flag which says "I'm an expert, I know
> what I'm doing, and what I'm doing is potentially dangerous". This
> never happens by accident.
>
>
Received on 2025-02-17 11:10:09
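
The standard-layout point from Jan Schultke's quoted reply, as an added example that is not part of the thread and is not the original poster's code. The layout of `MyClass` (two private `int` members), the classes `Mixed` and `Polymorphic`, and the helper names are assumptions, since the original code does not appear on this page.

```cpp
#include <cstdio>
#include <type_traits>

// Assumed shape of the class under discussion (the original code is not shown).
class MyClass {
public:
    MyClass(int i, int j) : i_(i), j_(j) {}
    int i() const { return i_; }
    int j() const { return j_; }
private:
    int i_;  // first non-static data member
    int j_;
};

// Not standard-layout: data members with different access control.
class Mixed {
public:
    int a = 0;
    int sum() const { return a + b; }
private:
    int b = 0;
};

// Not standard-layout: a virtual function makes the layout implementation-defined.
class Polymorphic {
public:
    virtual ~Polymorphic() = default;
    int get() const { return x; }
private:
    int x = 0;
};

// The cast below is only guaranteed to reach the first member of a
// standard-layout class, so that property is checked at compile time.
static_assert(std::is_standard_layout<MyClass>::value, "MyClass must be standard-layout");

// Well-defined: the object's address converted to a pointer to its first
// member. `private` restricts names at compile time, not access to memory.
int* first_member(MyClass& obj) { return reinterpret_cast<int*>(&obj); }

// Overwrites the private first member without naming it. Reaching j_ through
// first_member(obj) + 1 would be undefined behaviour, so it is not attempted.
void overwrite_first(MyClass& obj, int value) { *first_member(obj) = value; }

int main() {
    MyClass m(1, 2);
    overwrite_first(m, 42);
    std::printf("i=%d j=%d\n", m.i(), m.j());
    return 0;
}
```

Because the bypass requires an explicit `reinterpret_cast`, searching a code base for that keyword is a practical review check for code that steps around access control.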