Date: Mon, 17 Feb 2025 12:20:55 +0100
guys,
it's not my role,
but keep calm :-)
Better not to shame anyone, about saying it's spam, or betting about age.
Amit, most of us guess that the subject is a bit unproper here, but anyway
better to ask if this helps you.
C++ is not only OOP-oriented but also functional programming.
Anyway, let's not digress.
Hope you were convinced that the feature to force accessing private (which
is a bad practice expect rare cases) is not a security issue.
Note also that old-style cast was to support retro-compatibility at that
time with C.
Anyway, other people know better than me about history. I am just a user as
you are :-)
Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
std-discussion_at_[hidden]> ha scritto:
> How do you know when I was born? I have seen many people on mailing lists
> who make assumptions without thinking much.
>
> I was born before Microsoft was born.
>
>
> Well, I had identified the private keyword flaw in 2004 but I didn't do
> anything about it.
>
> I actually wouldn't have designed C++ this way where a key feature of the
> language can be rendered useless so easily.
>
> But anyways, I don't program in C++ and will never program in C++ even if
> I am getting less salary in any other language.
>
> I just don't like C++ because it is not a truly object oriented language.
> Friend functions break the whole object oriented concept. Besides, I think
> C++ is a complex language and good/expert programmers are hard to find.
>
> Other than google, I know of few projects that failed because it was in
> C++, not many experts available in C++.
>
> In fact I have always stopped moving my project(s) from C to C++.
>
> I have also seen few projects that just used C++ to wrap C code.
>
> Regards,
> Amit
>
>
>
>
> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
>> What you are describing is known to every developer that is learning how
>> to code, it has been there for over 30 years.
>>
>> In fact, this is not exclusive to C++, it’s been a thing in programming
>> since before you were born.
>>
>>
>>
>> Wouldn’t you think if it was such a security risk as you claim, that
>> developers wouldn’t have patch that by now?
>>
>>
>>
>> Or is it rather more likely that we know something you don’t?
>>
>>
>>
>>
>>
>>
>>
>> *From:* Amit <amitchoudhary0523_at_[hidden]>
>> *Sent:* Monday, February 17, 2025 11:10 AM
>> *To:* Tiago Freire <tmiguelf_at_[hidden]>
>> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
>> janschultke_at_[hidden]>
>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>
>>
>>
>> I don't know. I am not a hacker. I am just saying that may be hackers
>> know or may be not.
>>
>>
>>
>> But I can definitely mess up any object. So, data is not quite safe in
>> C++ as it has been advertised.
>>
>>
>>
>> "Private variables in a C++ class can't be accessed directly" is a very
>> popular statement.
>>
>>
>>
>> Regards,
>>
>> Amit
>>
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>
>> How?
>>
>>
>>
>>
>>
>> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
>> Behalf Of *Amit via Std-Discussion
>> *Sent:* Monday, February 17, 2025 10:54 AM
>> *To:* Jan Schultke <janschultke_at_[hidden]>
>> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>
>>
>>
>> In all C++ object layouts, I have seen that members follow the previous
>> one as in a C structure.
>>
>>
>>
>> My main point is that hackers/bad people can take advantage of this.
>>
>>
>>
>> Regards,
>>
>> Amit
>>
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
>> wrote:
>>
>> Your code has undefined behavior because you cannot obtain your j_ptr
>> by doing i_ptr + 1. A past the end pointer is not a pointer to the
>> next member.
>>
>> However, the example is correct without j_ptr. It is possible to
>> obtain a pointer to the first member of a standard-layout class such
>> as MyClass, even if that member is private.
>>
>> I wouldn't really call it a security hole. The only way you will do
>> this in idiomatic C++ code is with reinterpret_cast, and
>> reinterpret_cast is a giant red flag which says "I'm an expert, I know
>> what I'm doing, and what I'm doing is potentially dangerous". This
>> never happens by accident.
>>
>> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
it's not my role,
but keep calm :-)
Better not to shame anyone, about saying it's spam, or betting about age.
Amit, most of us guess that the subject is a bit unproper here, but anyway
better to ask if this helps you.
C++ is not only OOP-oriented but also functional programming.
Anyway, let's not digress.
Hope you were convinced that the feature to force accessing private (which
is a bad practice expect rare cases) is not a security issue.
Note also that old-style cast was to support retro-compatibility at that
time with C.
Anyway, other people know better than me about history. I am just a user as
you are :-)
Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
std-discussion_at_[hidden]> ha scritto:
> How do you know when I was born? I have seen many people on mailing lists
> who make assumptions without thinking much.
>
> I was born before Microsoft was born.
>
>
> Well, I had identified the private keyword flaw in 2004 but I didn't do
> anything about it.
>
> I actually wouldn't have designed C++ this way where a key feature of the
> language can be rendered useless so easily.
>
> But anyways, I don't program in C++ and will never program in C++ even if
> I am getting less salary in any other language.
>
> I just don't like C++ because it is not a truly object oriented language.
> Friend functions break the whole object oriented concept. Besides, I think
> C++ is a complex language and good/expert programmers are hard to find.
>
> Other than google, I know of few projects that failed because it was in
> C++, not many experts available in C++.
>
> In fact I have always stopped moving my project(s) from C to C++.
>
> I have also seen few projects that just used C++ to wrap C code.
>
> Regards,
> Amit
>
>
>
>
> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
>> What you are describing is known to every developer that is learning how
>> to code, it has been there for over 30 years.
>>
>> In fact, this is not exclusive to C++, it’s been a thing in programming
>> since before you were born.
>>
>>
>>
>> Wouldn’t you think if it was such a security risk as you claim, that
>> developers wouldn’t have patch that by now?
>>
>>
>>
>> Or is it rather more likely that we know something you don’t?
>>
>>
>>
>>
>>
>>
>>
>> *From:* Amit <amitchoudhary0523_at_[hidden]>
>> *Sent:* Monday, February 17, 2025 11:10 AM
>> *To:* Tiago Freire <tmiguelf_at_[hidden]>
>> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
>> janschultke_at_[hidden]>
>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>
>>
>>
>> I don't know. I am not a hacker. I am just saying that may be hackers
>> know or may be not.
>>
>>
>>
>> But I can definitely mess up any object. So, data is not quite safe in
>> C++ as it has been advertised.
>>
>>
>>
>> "Private variables in a C++ class can't be accessed directly" is a very
>> popular statement.
>>
>>
>>
>> Regards,
>>
>> Amit
>>
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>
>> How?
>>
>>
>>
>>
>>
>> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
>> Behalf Of *Amit via Std-Discussion
>> *Sent:* Monday, February 17, 2025 10:54 AM
>> *To:* Jan Schultke <janschultke_at_[hidden]>
>> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>
>>
>>
>> In all C++ object layouts, I have seen that members follow the previous
>> one as in a C structure.
>>
>>
>>
>> My main point is that hackers/bad people can take advantage of this.
>>
>>
>>
>> Regards,
>>
>> Amit
>>
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
>> wrote:
>>
>> Your code has undefined behavior because you cannot obtain your j_ptr
>> by doing i_ptr + 1. A past the end pointer is not a pointer to the
>> next member.
>>
>> However, the example is correct without j_ptr. It is possible to
>> obtain a pointer to the first member of a standard-layout class such
>> as MyClass, even if that member is private.
>>
>> I wouldn't really call it a security hole. The only way you will do
>> this in idiomatic C++ code is with reinterpret_cast, and
>> reinterpret_cast is a giant red flag which says "I'm an expert, I know
>> what I'm doing, and what I'm doing is potentially dangerous". This
>> never happens by accident.
>>
>> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
Received on 2025-02-17 11:21:08