Date: Mon, 17 Feb 2025 15:29:53 +0100
On Mon, 17 Feb 2025 at 15:13, Amit via Std-Discussion
<std-discussion_at_[hidden]> wrote:
>
> I am again saying that I had already agreed to it and till that time there was no acrimony.
>
> I am pasting my reply below. Please read the last line of my reply.
>
> -----------------------------
> I had read many times that hackers have taken control of a system by using an RCE (Remote Code Execution) attack.
>
> So, they are also doing it from outside the process.
>
> The virtual table pointer is at the bottom of the C++ object structure. So, the virtual functions addresses can be changed to some other code/function address.
>
> But anyways, I just highlighted this. It's OK with me if there is no security issue because of this.
>
> Regards,
> Amit
> -----------------------------
>
> Ideally, the discussion should have stopped here after I agreed.
>
> But after that Tiago Freire wrote this:
>
> ----------------------
> In fact, this is not exclusive to C++, it’s been a thing in programming since before you were born.
> -----------------------
>
> Tiago Freire made an assumption and it was wrong and it offended me, so I replied back.

Because your post simply shows a lack of understanding of what
"security" is about.
The reason is simply that even before anyone accesses any private field of
a class, he already has RCE access to your system, as otherwise he would
not be allowed to calculate the pointer offset to this private field.
This is a classic example of:
https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31283
>
> If Tiago Freire wouldn't have written about when I was born then we wouldn't have gotten into this mess.
>
> What's the need to get personal on a mailing list?
>
> Regards,
> Amit
>
>
>
> On Mon, Feb 17, 2025, 7:19 PM mauro russo via Std-Discussion <std-discussion_at_[hidden]> wrote:
>>
>> Please, Amit, don't take it personally.
>>
>> Maybe, anyone might not be kind, but for sure I see Tiago is just trying to explain.
>>
>> This is not social media.
>>
>> However, again, from inside a process, in assembly, you can access whatever you want in your memory, there is no OOP-protection at that level, not even any security risk about that.
>> If a hacker has hands in the code (and this may happen... e.g. in open source projects), this is not a matter of programming language, but of development process and SW lifecycle.
>> For your complaint, you should ask the HW makers, or OS makers. But all here believe that this would not make sense.
>> --
>> Std-Discussion mailing list
>> Std-Discussion_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
>
> --
> Std-Discussion mailing list
> Std-Discussion_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-discussion
Received on 2025-02-17 14:30:08
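
An added illustration of the reply's point, not part of the original message or thread: `private` is checked by the compiler only, so code that is already running inside the process can read the field through a byte offset. The class `Account`, the mirror struct `AccountLayout` and the function `read_private_pin` are hypothetical names invented for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical class: pin_ is private, so `a.pin_` outside the class
// is rejected at compile time. Nothing guards the bytes at run time.
class Account {
public:
    explicit Account(std::uint32_t pin) : pin_(pin) {}
    bool check(std::uint32_t guess) const { return guess == pin_; }
private:
    std::uint32_t pin_;
};

// Mirror of the same layout with a public member, used only to name the
// offset. Both types are standard-layout with a single uint32_t member.
struct AccountLayout {
    std::uint32_t pin;
};
static_assert(sizeof(Account) == sizeof(AccountLayout),
              "example assumes identical layout");

// Copies the private field out of the object representation. This needs
// no access rights from the language, only the ability to execute code
// in the same address space, which is the precondition the reply names.
std::uint32_t read_private_pin(const Account& a) {
    const unsigned char* bytes = reinterpret_cast<const unsigned char*>(&a);
    std::uint32_t out = 0;
    std::memcpy(&out, bytes + offsetof(AccountLayout, pin), sizeof out);
    return out;
}

int main() {
    Account acct(4242);  // constructed sample value
    // Exit status 0 when the private field was read back unchanged.
    return read_private_pin(acct) == 4242u ? 0 : 1;
}
```

Data that must stay hidden from untrusted code therefore has to sit behind a boundary the operating system or hardware enforces, such as a separate process, and not behind an access specifier.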