Discussion on avoiding security vulnerabilities in C++

Clay Smith clayasaurus at gmail.com
Fri Jul 13 08:50:54 PDT 2007


Lutger wrote:
> Walter Bright wrote:
>> http://www.matasano.com/log/914/c-a-cautionary-tale-or-1-hour-of-your-black-hat-trip-is-spoken-for/ 
>>
> 
> Interesting post, particularly the comment about iterators. It raises 
> the question of what security-related bug classes can be found in D and are 
> to be aware of. I'm no expert on this matter at all but what comes to mind:
> 
> - inappropriate use of delegates (messing with the stack)
> - array slices / array bounds errors
> - inappropriate use of destructors (but probably not common)
> 
> Or to put it another way, if D will get popular enough, via what language 
> constructs will software written in it most likely be exploited?
> 
> The garbage collector implementation may have some issues? But this is 
> not part of the language I suppose. And the objection that bare-metal 
> (pointers) access is possible is not that relevant imho, since 1) D is a 
> systems programming language after all and 2) this feature is not 
> something that is the default nor is it dressed up as in C++.
> 
> Any other concerns / thoughts / recommendations?

Currently, if you don't 'new' your class, you go to crash land. Isn't 
this a potential security problem?

if (rare_path)
{
   use_class_without_init.func();
}
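
The rare-path case raised in this message, written out in D as an added example (not part of the original post). The names `Session`, `current`, `handleUnchecked` and `handleChecked` are hypothetical; the unchecked form is shown beside one that rejects the null reference explicitly.

```d
import std.stdio;

class Session
{
    string user;
    this(string user) { this.user = user; }
    string describe() { return "session for " ~ user; }
}

// Hypothetical module-level reference. Class references in D are
// default-initialized to null, and nothing here ever assigns `new Session`.
Session current;

// Unchecked form, as in the post: the call through `current` only happens
// on the rare path, so ordinary testing may never reach the null dereference.
string handleUnchecked(bool rarePath)
{
    if (rarePath)
        return current.describe();   // null dereference at run time
    return "common path";
}

// Checked form: the rare path tests the reference first, so a missing
// object becomes a catchable error instead of a crash.
string handleChecked(Session s, bool rarePath)
{
    if (rarePath)
    {
        if (s is null)
            throw new Exception("session was never constructed");
        return s.describe();
    }
    return "common path";
}

void main()
{
    writeln(handleChecked(new Session("alice"), true));
    try
    {
        handleChecked(current, true);   // `current` is still null
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
    writeln(handleUnchecked(false));    // only the common path is exercised
}
```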


