Intended Security Hole?

Manfred Nowak svv1999 at hotmail.com
Wed Oct 24 14:07:28 PDT 2012


Chris Cain wrote:

> So, no, the implementation wouldn't be changed during runtime 
> since it must be provided when linking.

Thats an expressed intent only. Reason: the linker does not know any 
thing about the language; the linker would be satisfied if there 
exists any function the linker can link to ... but the linker would 
not prohibit any replacement of that function during runtime.

Conclusion: until a proof of the imposibility, there might exist 
cases in which such replacement is possible.

Example for a _visible_ hijack:
-----------------------------------------------------
private import std.stdio;

abstract class Base {
    void   foo(float f);
}

class Derived1 : Base {
    void   foo(float f) { writefln("f =1= %f", f); }
}
class Derived2 : Base {
    void   foo(float f) { writefln("f =2= %f", f); }
}

void main() {
    Base b;
    float f = 2.5;

    auto d1 = new Derived1;
    b= d1;
    b.foo( f); // f =1= 2.500000

    auto d2= new Derived2;
    b= d2;
    b.foo( f); // f =2= 2.500000
}
-----------------------------------------

Can be proved that it is impossible to make the assignment `b= d2;' 
invisible?

-manfred



More information about the Digitalmars-d-learn mailing list