Security Risk?
Manfred Nowak
svv1999 at hotmail.com
Mon Feb 12 09:42:25 PST 2007
Sean Kelly wrote
> D is a systems language. Using pointers and such, any method is
> free to randomly overwrite application memory if it really wants
> to.
That is not what I mean. Overwriting of memory used by the application
would cause loss of data, unless the data is compressible. And loss of
data would cause malfunctioning.
But with D one does not need to overwrite memory. D seems to be able to
attach data to a class instance without letting you know about that.
So: no malfunctioning until it is triggered somehow.
Even if the data of the application is incompressible, one seems unable
to detect the attached data, because even if one requires to have that
incompressible data returned unchanged and it comes back unchanged,
even then there might be data attached.
If my fears turn out to be true, then D has an integrated capability
for supporting trojans.
-manfred
More information about the Digitalmars-d
mailing list