Discussion on avoiding security vulnerabilities in C++
Clay Smith
clayasaurus at gmail.com
Fri Jul 13 08:50:54 PDT 2007
Lutger wrote:
> Walter Bright wrote:
>> http://www.matasano.com/log/914/c-a-cautionary-tale-or-1-hour-of-your-black-hat-trip-is-spoken-for/
>>
>
> Interesting post, particularly the comment about iterators. It raises
> the question what security related bug classes can be found in D and are
> to be aware of. I'm no expert on this matter at all but what comes to mind:
>
> - inappropriate use of delegates (messing with the stack)
> - array slices / array bounds errors
> - inappropriate use of destructors (but probably not common)
>
> Or to put it another way, if D will get popular enough via what language
> constructs will software written in it most likely be exploited?
>
> The garbage collector implementation may have some issues? But this is
> not part of the language I suppose. And the objection that bare-metal
> (pointers) access is possible is not that relevant imho, since 1) D is a
> systems programming language after all and 2) this feature is not
> something that is the default nor is it dressed up as in C++.
>
> Any other concerns / thoughts / recommendations?

Currently, if you don't 'new' your class, you go to crash land. Isn't
this a potential security problem?

    if (rare_path)
    {
        use_class_without_init.func();
    }