std-discussion

Re: C++ language has a big security hole.

From: Marcin Jaczewski <marcinjaczewski86_at_[hidden]>
Date: Mon, 17 Feb 2025 13:19:10 +0100
On Mon, 17 Feb 2025 at 11:10, Amit via Std-Discussion
<std-discussion_at_[hidden]> wrote:
>
> I don't know. I am not a hacker. I am just saying that maybe hackers know or maybe not.
>
> But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.
>
> "Private variables in a C++ class can't be accessed directly" is a very popular statement.
>
> Regards,
> Amit
>

If you are not a hacker then why do you claim this is even useful for hackers?
Besides, even if I want to have "secure" `private:` how would you like
to achieve it?
Remember you can link assembler (or other languages) to your program.
How could C++ prevent Rust, Pascal, or Fortran from touching its memory?
Or even, you can run gdb and directly update memory.

Remember, whoever compiles the code is the "owner" of the code; he has
the final say on what will happen.
He could even replace `#define private public` and you can't stop it.
`private` is to prevent errors, not to stop Machiavelli (and using a cast
is a Machiavellian action).


Besides, if I'm a "hacker" and want to corrupt my own code I can write
code like `*(int*)nullptr = 1`
or `system("format C:/");`; I do not need to abuse `private` to do this.

>
> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>
>> How?
>>
>>
>>
>>
>>
>> From: Std-Discussion <std-discussion-bounces_at_[hidden]> On Behalf Of Amit via Std-Discussion
>> Sent: Monday, February 17, 2025 10:54 AM
>> To: Jan Schultke <janschultke_at_[hidden]>
>> Cc: Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
>> Subject: Re: [std-discussion] C++ language has a big security hole.
>>
>>
>>
>> In all C++ object layouts, I have seen that members follow the previous one as in a C structure.
>>
>>
>>
>> My main point is that hackers/bad people can take advantage of this.
>>
>>
>>
>> Regards,
>>
>> Amit
>>
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]> wrote:
>>
>> Your code has undefined behavior because you cannot obtain your j_ptr
>> by doing i_ptr + 1. A past the end pointer is not a pointer to the
>> next member.
>>
>> However, the example is correct without j_ptr. It is possible to
>> obtain a pointer to the first member of a standard-layout class such
>> as MyClass, even if that member is private.
>>
>> I wouldn't really call it a security hole. The only way you will do
>> this in idiomatic C++ code is with reinterpret_cast, and
>> reinterpret_cast is a giant red flag which says "I'm an expert, I know
>> what I'm doing, and what I'm doing is potentially dangerous". This
>> never happens by accident.
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion

Received on 2025-02-17 12:19:22
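
The first-member case Jan Schultke describes, as an added example that is not code from any poster in this thread: `Counter`, `first_member` and `overwrite_and_check` are hypothetical names, and the class stands in for the `MyClass` the thread refers to. It shows that `private` is a compile-time access check that a cast in the same program can sidestep, so a class invariant is not a protection boundary against code sharing its address space.

```cpp
#include <cstdio>
#include <type_traits>

// Hypothetical class for illustration; not the MyClass from the thread.
class Counter {
public:
    explicit Counter(int start) : value_(start), limit_(100) {}
    int value() const { return value_; }
    int limit() const { return limit_; }
    // The class's own invariant: value_ never exceeds limit_.
    bool increment() {
        if (value_ >= limit_) return false;
        ++value_;
        return true;
    }
    bool invariant_holds() const { return value_ <= limit_; }
private:
    int value_;   // first non-static data member
    int limit_;
};

// The cast below is only well-defined for standard-layout classes,
// so pin that property at compile time.
static_assert(std::is_standard_layout<Counter>::value,
              "Counter must be standard-layout for the first-member cast");

// Returns a pointer to the private first member without naming it.
// A standard-layout object and its first member are pointer-interconvertible.
// Only the first member is reached; no pointer arithmetic to later members.
int* first_member(Counter& c) {
    return reinterpret_cast<int*>(&c);
}

// Writes through the cast pointer, bypassing increment(), and reports
// whether the class invariant survived the write.
bool overwrite_and_check(Counter& c, int new_value) {
    *first_member(c) = new_value;
    return c.invariant_holds();
}

int main() {
    Counter c(5);
    std::printf("before: value=%d\n", c.value());
    bool ok = overwrite_and_check(c, 1000);
    std::printf("after:  value=%d invariant_holds=%d\n", c.value(), ok);
    return 0;
}
```

In code review, the `reinterpret_cast` is the line to search for; data that must hold against untrusted code needs a process or privilege boundary rather than an access specifier.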