Date: Mon, 17 Feb 2025 17:50:14 +0530
I have seen this problem with many people on mailing lists. Without knowing
anything about the other person, they think that the other person is a fool.
The same kind of thing happened with me few years ago and I challenged that
person for a best of five chess games. And I said that if he wins then I
will agree that he is smarter than me. But that person didn't even reply.
I have seen many people who think that they are smarter than other people
but when you actually challenge them to prove their smatness then either
they won't reply or they won't turn up.
Mocking someone is very easy. But proving your intelligence over others is
very difficult.
I never assume that the other person is a fool. Who knows who is on the
other end?
Regards,
Amit
On Mon, Feb 17, 2025, 4:51 PM mauro russo <ing.russomauro_at_[hidden]> wrote:
> guys,
>
> it's not my role,
> but keep calm :-)
>
> Better not to shame anyone, about saying it's spam, or betting about age.
>
> Amit, most of us guess that the subject is a bit unproper here, but anyway
> better to ask if this helps you.
>
> C++ is not only OOP-oriented but also functional programming.
> Anyway, let's not digress.
>
> Hope you were convinced that the feature to force accessing private (which
> is a bad practice expect rare cases) is not a security issue.
> Note also that old-style cast was to support retro-compatibility at that
> time with C.
>
> Anyway, other people know better than me about history. I am just a user
> as you are :-)
>
> Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
> std-discussion_at_[hidden]> ha scritto:
>
>> How do you know when I was born? I have seen many people on mailing lists
>> who make assumptions without thinking much.
>>
>> I was born before Microsoft was born.
>>
>>
>> Well, I had identified the private keyword flaw in 2004 but I didn't do
>> anything about it.
>>
>> I actually wouldn't have designed C++ this way where a key feature of the
>> language can be rendered useless so easily.
>>
>> But anyways, I don't program in C++ and will never program in C++ even if
>> I am getting less salary in any other language.
>>
>> I just don't like C++ because it is not a truly object oriented language.
>> Friend functions break the whole object oriented concept. Besides, I think
>> C++ is a complex language and good/expert programmers are hard to find.
>>
>> Other than google, I know of few projects that failed because it was in
>> C++, not many experts available in C++.
>>
>> In fact I have always stopped moving my project(s) from C to C++.
>>
>> I have also seen few projects that just used C++ to wrap C code.
>>
>> Regards,
>> Amit
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>
>>> What you are describing is known to every developer that is learning how
>>> to code, it has been there for over 30 years.
>>>
>>> In fact, this is not exclusive to C++, it’s been a thing in programming
>>> since before you were born.
>>>
>>>
>>>
>>> Wouldn’t you think if it was such a security risk as you claim, that
>>> developers wouldn’t have patch that by now?
>>>
>>>
>>>
>>> Or is it rather more likely that we know something you don’t?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* Amit <amitchoudhary0523_at_[hidden]>
>>> *Sent:* Monday, February 17, 2025 11:10 AM
>>> *To:* Tiago Freire <tmiguelf_at_[hidden]>
>>> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
>>> janschultke_at_[hidden]>
>>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>>
>>>
>>>
>>> I don't know. I am not a hacker. I am just saying that may be hackers
>>> know or may be not.
>>>
>>>
>>>
>>> But I can definitely mess up any object. So, data is not quite safe in
>>> C++ as it has been advertised.
>>>
>>>
>>>
>>> "Private variables in a C++ class can't be accessed directly" is a very
>>> popular statement.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>>
>>> How?
>>>
>>>
>>>
>>>
>>>
>>> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
>>> Behalf Of *Amit via Std-Discussion
>>> *Sent:* Monday, February 17, 2025 10:54 AM
>>> *To:* Jan Schultke <janschultke_at_[hidden]>
>>> *Cc:* Amit <amitchoudhary0523_at_[hidden]>;
>>> std-discussion_at_[hidden]
>>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>>
>>>
>>>
>>> In all C++ object layouts, I have seen that members follow the previous
>>> one as in a C structure.
>>>
>>>
>>>
>>> My main point is that hackers/bad people can take advantage of this.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
>>> wrote:
>>>
>>> Your code has undefined behavior because you cannot obtain your j_ptr
>>> by doing i_ptr + 1. A past the end pointer is not a pointer to the
>>> next member.
>>>
>>> However, the example is correct without j_ptr. It is possible to
>>> obtain a pointer to the first member of a standard-layout class such
>>> as MyClass, even if that member is private.
>>>
>>> I wouldn't really call it a security hole. The only way you will do
>>> this in idiomatic C++ code is with reinterpret_cast, and
>>> reinterpret_cast is a giant red flag which says "I'm an expert, I know
>>> what I'm doing, and what I'm doing is potentially dangerous". This
>>> never happens by accident.
>>>
>>> --
>> Std-Discussion mailing list
>> Std-Discussion_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>>
>
anything about the other person, they think that the other person is a fool.
The same kind of thing happened with me few years ago and I challenged that
person for a best of five chess games. And I said that if he wins then I
will agree that he is smarter than me. But that person didn't even reply.
I have seen many people who think that they are smarter than other people
but when you actually challenge them to prove their smatness then either
they won't reply or they won't turn up.
Mocking someone is very easy. But proving your intelligence over others is
very difficult.
I never assume that the other person is a fool. Who knows who is on the
other end?
Regards,
Amit
On Mon, Feb 17, 2025, 4:51 PM mauro russo <ing.russomauro_at_[hidden]> wrote:
> guys,
>
> it's not my role,
> but keep calm :-)
>
> Better not to shame anyone, about saying it's spam, or betting about age.
>
> Amit, most of us guess that the subject is a bit unproper here, but anyway
> better to ask if this helps you.
>
> C++ is not only OOP-oriented but also functional programming.
> Anyway, let's not digress.
>
> Hope you were convinced that the feature to force accessing private (which
> is a bad practice expect rare cases) is not a security issue.
> Note also that old-style cast was to support retro-compatibility at that
> time with C.
>
> Anyway, other people know better than me about history. I am just a user
> as you are :-)
>
> Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
> std-discussion_at_[hidden]> ha scritto:
>
>> How do you know when I was born? I have seen many people on mailing lists
>> who make assumptions without thinking much.
>>
>> I was born before Microsoft was born.
>>
>>
>> Well, I had identified the private keyword flaw in 2004 but I didn't do
>> anything about it.
>>
>> I actually wouldn't have designed C++ this way where a key feature of the
>> language can be rendered useless so easily.
>>
>> But anyways, I don't program in C++ and will never program in C++ even if
>> I am getting less salary in any other language.
>>
>> I just don't like C++ because it is not a truly object oriented language.
>> Friend functions break the whole object oriented concept. Besides, I think
>> C++ is a complex language and good/expert programmers are hard to find.
>>
>> Other than google, I know of few projects that failed because it was in
>> C++, not many experts available in C++.
>>
>> In fact I have always stopped moving my project(s) from C to C++.
>>
>> I have also seen few projects that just used C++ to wrap C code.
>>
>> Regards,
>> Amit
>>
>>
>>
>>
>> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>
>>> What you are describing is known to every developer that is learning how
>>> to code, it has been there for over 30 years.
>>>
>>> In fact, this is not exclusive to C++, it’s been a thing in programming
>>> since before you were born.
>>>
>>>
>>>
>>> Wouldn’t you think if it was such a security risk as you claim, that
>>> developers wouldn’t have patch that by now?
>>>
>>>
>>>
>>> Or is it rather more likely that we know something you don’t?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* Amit <amitchoudhary0523_at_[hidden]>
>>> *Sent:* Monday, February 17, 2025 11:10 AM
>>> *To:* Tiago Freire <tmiguelf_at_[hidden]>
>>> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
>>> janschultke_at_[hidden]>
>>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>>
>>>
>>>
>>> I don't know. I am not a hacker. I am just saying that may be hackers
>>> know or may be not.
>>>
>>>
>>>
>>> But I can definitely mess up any object. So, data is not quite safe in
>>> C++ as it has been advertised.
>>>
>>>
>>>
>>> "Private variables in a C++ class can't be accessed directly" is a very
>>> popular statement.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>>>
>>> How?
>>>
>>>
>>>
>>>
>>>
>>> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
>>> Behalf Of *Amit via Std-Discussion
>>> *Sent:* Monday, February 17, 2025 10:54 AM
>>> *To:* Jan Schultke <janschultke_at_[hidden]>
>>> *Cc:* Amit <amitchoudhary0523_at_[hidden]>;
>>> std-discussion_at_[hidden]
>>> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>>>
>>>
>>>
>>> In all C++ object layouts, I have seen that members follow the previous
>>> one as in a C structure.
>>>
>>>
>>>
>>> My main point is that hackers/bad people can take advantage of this.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Amit
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
>>> wrote:
>>>
>>> Your code has undefined behavior because you cannot obtain your j_ptr
>>> by doing i_ptr + 1. A past the end pointer is not a pointer to the
>>> next member.
>>>
>>> However, the example is correct without j_ptr. It is possible to
>>> obtain a pointer to the first member of a standard-layout class such
>>> as MyClass, even if that member is private.
>>>
>>> I wouldn't really call it a security hole. The only way you will do
>>> this in idiomatic C++ code is with reinterpret_cast, and
>>> reinterpret_cast is a giant red flag which says "I'm an expert, I know
>>> what I'm doing, and what I'm doing is potentially dangerous". This
>>> never happens by accident.
>>>
>>> --
>> Std-Discussion mailing list
>> Std-Discussion_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>>
>
Received on 2025-02-17 12:20:28