Date: Mon, 17 Feb 2025 18:41:51 +0530
>
>
> Well, I don’t know how to play the piano and I never played the piano, and
> I wouldn’t presume to teach a pianist that they should rip out the black
> keys out of their piano because they are out of tune and a malicious actor
> can ruin the concerto.
>
Your example doesn't make sense actually.
My logic and suspicion was still relevant to C++.
And then wouldn’t play the victim when somebody points out that the problem
> is not that the black keys are there but it is rather security staff who is
> responsible for preventing access to the stage.
>
>
>
I am not playing victim here. As usual, I will challenge you to a best of
five chess games. But I know that you will chicken out.
Knowledge can be acquired but intelligence can't be acquired.
I know you have knowledge but I doubt that you are intelligent.
The point is that I don't care what others think about me. I care about
what I think about myself. I know who I am and what's my worth. I don't go
around mocking people.
It’s not that we are trying to be condescending, believe me I’m trying
> really hard not to be.
>
You are behaving as if you are the Lord of this world. You are a very
arrogant person. Even Lord Jesus was not arrogant.
Great people are humble people. A person who is not humble cannot be a
great person.
But unfortunately, in all technical fields you need to have some level of
> technical expertise about the subject before you presume you can lecture on
> it.
>
So, this means that only experts can ask questions. I just said that
hackers can take advantage and someone said that this is not the case and I
agreed. I didn't lecture anyone.
If you think that only experts should ask questions then it should be
mentioned in this list's page that only C++ experts are allowed in this
list. Others, please stay away.
You need to be this tall to ride, and unfortunately you are too short.
>
>
>
This goes for you.
It’s not personal, it’s not an attack on you.
>
> It’s just that you don’t have the technical knowledge required to
> understand things when we explain that to you.
>
You can attack me and I will attack you back.
Tell me what I didn't understand?
If I was a technical fool then I couldn't have come up with my program
which involves pointers and a C++ object's memory layout.
Ask yourself, did you know about this before I mailed it in this list?
It’s not a crime to not know things, you are not a worse person because of
> it. But we talk, you don’t understand, we are just talking past each other,
> and there’s no way to bridge that gap.
>
>
>
Obviously, I know that I am a good person and you are a bad person.
You are talking in your own world. Some other people did reply to my
questions and I agreed.
I’m sorry.
>
>
>
No need to be sorry. You can attack me and I will attack you back.
Regards,
Amit
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 1:20 PM
> *To:* mauro russo <ing.russomauro_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> I have seen this problem with many people on mailing lists. Without
> knowing anything about the other person, they think that the other person
> is a fool.
>
>
>
> The same kind of thing happened with me few years ago and I challenged
> that person for a best of five chess games. And I said that if he wins then
> I will agree that he is smarter than me. But that person didn't even reply.
>
>
>
> I have seen many people who think that they are smarter than other people
> but when you actually challenge them to prove their smatness then either
> they won't reply or they won't turn up.
>
>
>
> Mocking someone is very easy. But proving your intelligence over others is
> very difficult.
>
>
>
> I never assume that the other person is a fool. Who knows who is on the
> other end?
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 4:51 PM mauro russo <ing.russomauro_at_[hidden]>
> wrote:
>
> guys,
>
> it's not my role,
> but keep calm :-)
>
> Better not to shame anyone, about saying it's spam, or betting about age.
>
> Amit, most of us guess that the subject is a bit unproper here, but anyway
> better to ask if this helps you.
>
> C++ is not only OOP-oriented but also functional programming.
> Anyway, let's not digress.
>
> Hope you were convinced that the feature to force accessing private (which
> is a bad practice expect rare cases) is not a security issue.
> Note also that old-style cast was to support retro-compatibility at that
> time with C.
>
> Anyway, other people know better than me about history. I am just a user
> as you are :-)
>
>
>
> Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
> std-discussion_at_[hidden]> ha scritto:
>
> How do you know when I was born? I have seen many people on mailing lists
> who make assumptions without thinking much.
>
>
>
> I was born before Microsoft was born.
>
>
>
>
>
> Well, I had identified the private keyword flaw in 2004 but I didn't do
> anything about it.
>
>
>
> I actually wouldn't have designed C++ this way where a key feature of the
> language can be rendered useless so easily.
>
>
>
> But anyways, I don't program in C++ and will never program in C++ even if
> I am getting less salary in any other language.
>
>
>
> I just don't like C++ because it is not a truly object oriented language.
> Friend functions break the whole object oriented concept. Besides, I think
> C++ is a complex language and good/expert programmers are hard to find.
>
>
>
> Other than google, I know of few projects that failed because it was in
> C++, not many experts available in C++.
>
>
>
> In fact I have always stopped moving my project(s) from C to C++.
>
>
>
> I have also seen few projects that just used C++ to wrap C code.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
>
>
>
>
> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
> What you are describing is known to every developer that is learning how
> to code, it has been there for over 30 years.
>
> In fact, this is not exclusive to C++, it’s been a thing in programming
> since before you were born.
>
>
>
> Wouldn’t you think if it was such a security risk as you claim, that
> developers wouldn’t have patch that by now?
>
>
>
> Or is it rather more likely that we know something you don’t?
>
>
>
>
>
>
>
> *From:* Amit <amitchoudhary0523_at_[hidden]>
> *Sent:* Monday, February 17, 2025 11:10 AM
> *To:* Tiago Freire <tmiguelf_at_[hidden]>
> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
> janschultke_at_[hidden]>
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> I don't know. I am not a hacker. I am just saying that may be hackers know
> or may be not.
>
>
>
> But I can definitely mess up any object. So, data is not quite safe in C++
> as it has been advertised.
>
>
>
> "Private variables in a C++ class can't be accessed directly" is a very
> popular statement.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
> How?
>
>
>
>
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 10:54 AM
> *To:* Jan Schultke <janschultke_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> In all C++ object layouts, I have seen that members follow the previous
> one as in a C structure.
>
>
>
> My main point is that hackers/bad people can take advantage of this.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
> wrote:
>
> Your code has undefined behavior because you cannot obtain your j_ptr
> by doing i_ptr + 1. A past the end pointer is not a pointer to the
> next member.
>
> However, the example is correct without j_ptr. It is possible to
> obtain a pointer to the first member of a standard-layout class such
> as MyClass, even if that member is private.
>
> I wouldn't really call it a security hole. The only way you will do
> this in idiomatic C++ code is with reinterpret_cast, and
> reinterpret_cast is a giant red flag which says "I'm an expert, I know
> what I'm doing, and what I'm doing is potentially dangerous". This
> never happens by accident.
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
>
>
> Well, I don’t know how to play the piano and I never played the piano, and
> I wouldn’t presume to teach a pianist that they should rip out the black
> keys out of their piano because they are out of tune and a malicious actor
> can ruin the concerto.
>
Your example doesn't make sense actually.
My logic and suspicion was still relevant to C++.
And then wouldn’t play the victim when somebody points out that the problem
> is not that the black keys are there but it is rather security staff who is
> responsible for preventing access to the stage.
>
>
>
I am not playing victim here. As usual, I will challenge you to a best of
five chess games. But I know that you will chicken out.
Knowledge can be acquired but intelligence can't be acquired.
I know you have knowledge but I doubt that you are intelligent.
The point is that I don't care what others think about me. I care about
what I think about myself. I know who I am and what's my worth. I don't go
around mocking people.
It’s not that we are trying to be condescending, believe me I’m trying
> really hard not to be.
>
You are behaving as if you are the Lord of this world. You are a very
arrogant person. Even Lord Jesus was not arrogant.
Great people are humble people. A person who is not humble cannot be a
great person.
But unfortunately, in all technical fields you need to have some level of
> technical expertise about the subject before you presume you can lecture on
> it.
>
So, this means that only experts can ask questions. I just said that
hackers can take advantage and someone said that this is not the case and I
agreed. I didn't lecture anyone.
If you think that only experts should ask questions then it should be
mentioned in this list's page that only C++ experts are allowed in this
list. Others, please stay away.
You need to be this tall to ride, and unfortunately you are too short.
>
>
>
This goes for you.
It’s not personal, it’s not an attack on you.
>
> It’s just that you don’t have the technical knowledge required to
> understand things when we explain that to you.
>
You can attack me and I will attack you back.
Tell me what I didn't understand?
If I was a technical fool then I couldn't have come up with my program
which involves pointers and a C++ object's memory layout.
Ask yourself, did you know about this before I mailed it in this list?
It’s not a crime to not know things, you are not a worse person because of
> it. But we talk, you don’t understand, we are just talking past each other,
> and there’s no way to bridge that gap.
>
>
>
Obviously, I know that I am a good person and you are a bad person.
You are talking in your own world. Some other people did reply to my
questions and I agreed.
I’m sorry.
>
>
>
No need to be sorry. You can attack me and I will attack you back.
Regards,
Amit
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 1:20 PM
> *To:* mauro russo <ing.russomauro_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> I have seen this problem with many people on mailing lists. Without
> knowing anything about the other person, they think that the other person
> is a fool.
>
>
>
> The same kind of thing happened with me few years ago and I challenged
> that person for a best of five chess games. And I said that if he wins then
> I will agree that he is smarter than me. But that person didn't even reply.
>
>
>
> I have seen many people who think that they are smarter than other people
> but when you actually challenge them to prove their smatness then either
> they won't reply or they won't turn up.
>
>
>
> Mocking someone is very easy. But proving your intelligence over others is
> very difficult.
>
>
>
> I never assume that the other person is a fool. Who knows who is on the
> other end?
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 4:51 PM mauro russo <ing.russomauro_at_[hidden]>
> wrote:
>
> guys,
>
> it's not my role,
> but keep calm :-)
>
> Better not to shame anyone, about saying it's spam, or betting about age.
>
> Amit, most of us guess that the subject is a bit unproper here, but anyway
> better to ask if this helps you.
>
> C++ is not only OOP-oriented but also functional programming.
> Anyway, let's not digress.
>
> Hope you were convinced that the feature to force accessing private (which
> is a bad practice expect rare cases) is not a security issue.
> Note also that old-style cast was to support retro-compatibility at that
> time with C.
>
> Anyway, other people know better than me about history. I am just a user
> as you are :-)
>
>
>
> Il giorno lun 17 feb 2025 alle ore 12:10 Amit via Std-Discussion <
> std-discussion_at_[hidden]> ha scritto:
>
> How do you know when I was born? I have seen many people on mailing lists
> who make assumptions without thinking much.
>
>
>
> I was born before Microsoft was born.
>
>
>
>
>
> Well, I had identified the private keyword flaw in 2004 but I didn't do
> anything about it.
>
>
>
> I actually wouldn't have designed C++ this way where a key feature of the
> language can be rendered useless so easily.
>
>
>
> But anyways, I don't program in C++ and will never program in C++ even if
> I am getting less salary in any other language.
>
>
>
> I just don't like C++ because it is not a truly object oriented language.
> Friend functions break the whole object oriented concept. Besides, I think
> C++ is a complex language and good/expert programmers are hard to find.
>
>
>
> Other than google, I know of few projects that failed because it was in
> C++, not many experts available in C++.
>
>
>
> In fact I have always stopped moving my project(s) from C to C++.
>
>
>
> I have also seen few projects that just used C++ to wrap C code.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
>
>
>
>
> On Mon, Feb 17, 2025, 4:11 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
> What you are describing is known to every developer that is learning how
> to code, it has been there for over 30 years.
>
> In fact, this is not exclusive to C++, it’s been a thing in programming
> since before you were born.
>
>
>
> Wouldn’t you think if it was such a security risk as you claim, that
> developers wouldn’t have patch that by now?
>
>
>
> Or is it rather more likely that we know something you don’t?
>
>
>
>
>
>
>
> *From:* Amit <amitchoudhary0523_at_[hidden]>
> *Sent:* Monday, February 17, 2025 11:10 AM
> *To:* Tiago Freire <tmiguelf_at_[hidden]>
> *Cc:* std-discussion_at_[hidden]; Jan Schultke <
> janschultke_at_[hidden]>
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> I don't know. I am not a hacker. I am just saying that may be hackers know
> or may be not.
>
>
>
> But I can definitely mess up any object. So, data is not quite safe in C++
> as it has been advertised.
>
>
>
> "Private variables in a C++ class can't be accessed directly" is a very
> popular statement.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
>
> How?
>
>
>
>
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 10:54 AM
> *To:* Jan Schultke <janschultke_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> In all C++ object layouts, I have seen that members follow the previous
> one as in a C structure.
>
>
>
> My main point is that hackers/bad people can take advantage of this.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
> wrote:
>
> Your code has undefined behavior because you cannot obtain your j_ptr
> by doing i_ptr + 1. A past the end pointer is not a pointer to the
> next member.
>
> However, the example is correct without j_ptr. It is possible to
> obtain a pointer to the first member of a standard-layout class such
> as MyClass, even if that member is private.
>
> I wouldn't really call it a security hole. The only way you will do
> this in idiomatic C++ code is with reinterpret_cast, and
> reinterpret_cast is a giant red flag which says "I'm an expert, I know
> what I'm doing, and what I'm doing is potentially dangerous". This
> never happens by accident.
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
>
Received on 2025-02-17 13:12:06