Security Risk?

[Bill Baxter]

Manfred Nowak wrote:
> Bill Baxter wrote
> 
>> What makes D special in this regard?  Can't you do it with C++
>> just as easily?  (Not really sure what you mean by 'hiding
>> additional data in the instance', but every way I can think of
>> would be just as possible in C++.)
> 
> Thank you for the hint.
> 
> Meanwhile I have checked D and C++ for that risk---and yes also C++ is 
> vulnerable. D got it slightly better.
> 
> The risk stems from the possibility to cast instances up and down the 
> derivation tree.
> 
> Neither C++ nor D seem to have a statement for cutting off some parts 
> of the derivation tree.
> 
> That is: even if you think you are at a leaf node of the derivation 
> tree with your instance, there might be more levels silently present.
> 
> This means, that you might be transporting data and methods of an 
> attacker through the system.
> 
> This means also that an attacker might be able to identify data and 
> methods you have marked as being private. And this without being forced 
> to dive into system via pointers and such.
> 
> The usual language constructs enable such attacks. This somehow 
> frightens me.
> 
> -manfred   

Well, let's take a step back.
As someone mentioned already, D has pointers.  That means if you give 
*any* of my code a chance to run, I can basically do whatever I want.  I 
have access to all the code and data in the current program.  It may not 
be in as easy-to-access form as if you had handed me a pointer to the 
most interesting object on a platter, but it's still all there.

Exploits are almost always about figuring out how to get my arbitrary 
code to be executed by your running program.  If you're *calling* my 
function directly then you're already pwned, as they say.  It's like 
breaking into the burglar's house, dumping your valuables in the middle 
of the floor and then tauting him with "let's see you steal THAT!" as 
you strut out the door.  It's a fait accompli.

--bb