Sign in to follow this  
WISMAK

C++ access specifiers are binaries????

Recommended Posts

WISMAK    100
Hi I created a simple class for testing purposes to see how C++ is serious about memebr access specifiers. Inside the DLL module a simple class with a private/protected member. Inside the client EXE program I used the same header for class definition with a change to the protected/private member to public so that I thought I could access it breaking the C++ protection mechanism. Using Visual C++ toolkit 2003 the program still cannot resolve the public symbol in the class since it's declared in the DLL as protected/private. This is a good thing; however, it's not true for GCC and Intel C++ under Linux. Which behaviour is more accurate and is it possible to do the same under the Linux? It seems that MS has stronger programming platforma nd more secure. Thanks for your help in advance.

Share this post


Link to post
Share on other sites
MaulingMonkey    1728
public/protected/private are tools to prevent yourself from shooting yourself in the foot, not "anti-hack" tools. You want to see an easy way to break it?

#include <iostream>
using namespace std;

class foo {
private:
int variable;
public:
void set_variable( int v ) {
variable = v;
}
};

class bar {
public:
int variable;
};

int main() {
foo f;
f.set_variable( 21 );
//f.variable is protected, right?
//wrong:
std::cout << ((bar *)&f)->variable << std::endl;
}



As far as I know, the results of this code are officially "undefined" (something to do with POD types may apply, I don't know for certain). That said, I'd be suprised if the program didn't print out "21" and end with pretty much any compiler.

Share this post


Link to post
Share on other sites
SiCrane    11839
Accessing a object in two different translation units using two different class definitions had undefined behavior. As such, saying one compilers definition being more correct than anothers is meaningless.

That being said, it's really meaningless to be trying to test your compilers level of protection against bypassing access restrictions. To quote Stroustrup himself "The C++ language access control mechanisms provide protection against accident - not against fraud". There are large number of ways to access a private or protected member without using different definitions in different translation units.

Share this post


Link to post
Share on other sites
WISMAK    100
Sorry I'm not asking about a way to hack a predefined class. I want to make sure is it a compiler feature in MS VC++ that it has more solid protection and integration with language semantics, or is it a result of undefined behaviour and I should not count on that?

And if so how should I PREVENT such hacking?

Share this post


Link to post
Share on other sites
Sneftel    1788
Quote:
Original post by WISMAK
Sorry I'm not asking about a way to hack a predefined class. I want to make sure is it a compiler feature in MS VC++ that it has more solid protection and integration with language semantics, or is it a result of undefined behaviour and I should not count on that?
Not really. It's a little more tricky in MSVC++, because of the way it uses import libraries, but it's by no means impossible, nor even particularly hard.
Quote:
And if so how should I PREVENT such hacking?

You can't. They're running the software on THEIR processor, after all....the data's right there.

Share this post


Link to post
Share on other sites
MaulingMonkey    1728
You'd have to intentionally keep two seperate definitions of a class in order to be able to accidentally shoot yourself in the foot with this, and you've got bigger issues than this if you're doing that.

Here's the relevant questions with regards to this "feature":

Q1) Will it prevent me from accidentally shooting myself in the foot?
A1) Possibly, but I think you're more likely to be struck by lightning than be helped by this. Implementing this feature is a waste of time (my opinion).

Q2) Will it prevent me from intentionally shooting myself in the foot?
A2) No.

Q3) Will it prevent someone else from shooting myself in the foot?
A3) No.

Neither behavior is more "accurate", this "feature" will neither help you program or debug (make the platform "stronger"), nor will it protect your code from being hacked (make the platform "more secure").

Share this post


Link to post
Share on other sites
WISMAK    100
I'm not shooting myself and never intend to do so.

I'm asking for god sake about if it's a feature in MS VC++ or is it something results as an undefined behaviour. geeze.

Share this post


Link to post
Share on other sites
Helter Skelter    332
When a class declaration is compiled each attribute and method belonging to the class has it's name mangled....

class test {
int someval;
};


The compiler turns someval into something that looks like "??test@someval@i@@aexx". If you change the access qualifier from public to private the mangaled name (signature) of that attribute also changes. If you compile the dll with one header then compile an application with another header the symbol cannot be resolved at link time (because it's CHANGED).

Access qualifiers are applied at compile time (and link time due to mangled name signatures) NOT at runtime.


edit: the above applies to class names, method names, and static members. data members are offest from the pointer of an instantiated object.

Share this post


Link to post
Share on other sites
MaulingMonkey    1728
Quote:
Original post by WISMAK
I'm asking for god sake about if it's a feature in MS VC++ or is it something results as an undefined behaviour. geeze.


It's simply a difference between the compilers, not a bug, not a feature, just a difference. It dosn't help make the platform more secure nor stronger. That's what I'm trying to get at.

Would I leave the behavior as is for the Microsoft Compiler? Sure, don't fix what ain't broke.
Would I leave the behavior as is for the GNU Compiler Collection? Sure, don't fix what ain't broke.
Would I leave the spelling of my name as it is? Sure, don't fix what ain't broke.

I was simply trying to illustrate and provide sustinance to this opinion. If that offends you, well, I just hope you arn't planning to become a scientist. Or a polititian. Or a philosopher. Or religious. Or anything else that might involve trying to back up one's opinions/beliefs, or dealing with people who care to do the same.

-Mike

Share this post


Link to post
Share on other sites
WISMAK    100
No it does not offend me at all, but all the answers are totally irrelevant to the question.

In my opinion it's a very strong MS Visual C++ feature and it's not about name mangling.
It's about binary level protection mechanism which should be part of the standard.

Share this post


Link to post
Share on other sites
krez    443
the responses are relevant, and it is not a feature. it is coincidence, and should not be relied on.

the general idea is that when you mark something as private or protected, it is so other programmers get a compile error if they try to directly access those private/protected members. if they deliberately circumvent those safety measures, it is their own damn fault when their program breaks. as someone who wants to publish their code/library/whatever, why should you care if someone goes out of their way to use it incorrectly and screws themself over?

Share this post


Link to post
Share on other sites
Sneftel    1788
Quote:
Original post by WISMAK
In my opinion it's a very strong MS Visual C++ feature and it's not about name mangling.

Read my post from before. This is an easy mechanism to hack through. IT IS NOT INTENDED FOR SECURITY.
Quote:
It's about binary level protection mechanism which should be part of the standard.

C++ access protection is NOT INTENDED FOR SECURITY.

Share this post


Link to post
Share on other sites
MaulingMonkey    1728
Quote:
Original post by WISMAK
No it does not offend me at all, but all the answers are totally irrelevant to the question.

In my opinion it's a very strong MS Visual C++ feature and it's not about name mangling.
It's about binary level protection mechanism which should be part of the standard.


1) The answers are indeed relevant, although you are apparently unable to see that due to your own overbearing opinion which blinds you to those of others. You state yours, I state mine, you then appear to get huffy.

2) Your opinion that it's a very strong feature seems to center around the fact that you consider it a "protection mechanism". Protection from WHAT, may I ask? I'm asking you to clarify, because I explained how it dosn't protect you from yourself, nor does it protect you or your data from others, and you've deemed both these points to be irrelevant. These are the only things that spring to mind, so I'm left drawing a blank.

3) It most certainly should not be part of "the standard", regardless of wheither or not it's a strong feature. The last thing we need to do is to bog down the standard with forced features when the standard itself STILL hasn't been completely implemented on industry standard compilers (extern templates anyone?).

What about common binary languages, how is a language with no concept of a private/protected/public scope supposed to know which symbol to link against when there's 3+ different identifiers that it MIGHT link to? GCC supports more languages than Microsoft's compilers, placing such arbitrary requirements could break otherwise working systems.

Share this post


Link to post
Share on other sites
WISMAK    100
Okay okay we're not fighting here! calm down!

What if there's a supposedly privated variable in the class which I don't want any client to access it's content directly without using the specified restricted get*** memebr functions because if they were able they could hack into the library and do good things from their perspectives not mine or even be able to know working internals of the library.

Design patterns? May solve the problem. But Finding that FEATURE in the great compiler of the great company is something awsome and solves my problem.

Share this post


Link to post
Share on other sites
Sneftel    1788
Quote:
Original post by WISMAK
Design patterns? May solve the problem. But Finding that FEATURE in the great compiler of the great company is something awsome and solves my problem.

Alright, I'm going to say this in boldface. MICROSOFT VISUAL C++ DOES NOT HAVE ANY FEATURE WHICH PROTECTS PRIVATE MEMBER VARIABLES IN DLL CLASSES FROM BEING ACCESSED BY ATTACKERS. Does not have it. If you release a DLL with a class which has a private member variable, I can write a program which will access that private member variable. There is NO SECURITY BEING OFFERED. If you need the private member to remain private, THIS WILL NOT HELP YOU. It DOES NOT DO WHAT YOU THINK IT DOES.

Got it? [smile]

Share this post


Link to post
Share on other sites
Guest Anonymous Poster   
Guest Anonymous Poster
Quote:
Original post by WISMAK
What if there's a supposedly privated variable in the class which I don't want any client to access it's content directly without using the specified restricted get*** memebr functions because if they were able they could hack into the library and do good things from their perspectives not mine or even be able to know working internals of the library.


Then they can do it all the same, even with your Visual C++ Compiler. I mentioned this in Q3, and I showed you how to break it in the first post of this thread. Prehaps I need to break it down more for you?:

//dll_header.hh
class foo {
private:
int bar;
public:
void set_bar( int new_bar ) {
bar = new_bar;
}
};

foo * get_me_a_foo();

//dll_source.cpp
#include "dll_header.hh"

foo my_foo;

foo * get_me_a_foo() {
my_foo.set_bar( 42 );
return &my_foo;
}

//evil_program_of_doom.hh
class foo {
public:
int bar;
};

foo * get_me_a_foo();

//evil_program_of_doom.cc
int main () {
foo * the_foo = get_me_a_foo();
std::cout << the_foo->bar << std::endl; //prints 42, even though our DLL is built with bar as "private".
}

Share this post


Link to post
Share on other sites
MaulingMonkey    1728
^^^^ me, silly thing logged me out :( ^^^^
evil_program_of_doom.cc should include evil_program_of_doom.hh

Further, I am quite calm. Confused by you, but calm nonetheless. I've only posted fact, request for clarification on what we're talking about soas to address your misbelief with regards to this otherwise irrelevant compiler implementation detail, and my beliefs drawn from your defensive nature and seeming unwillingness to attempt to understand what's being said when it seems to conflict with what you think you know, which I state only to attempt to confirm, deny, or make yourself aware of such a possibility.

Besides, today was a beautiful day, not a cloud in the sky, nice and hot, and accompanied by tasty doses of caffeine. How could I not be calm? Well, except for the fact that I have no plunger and my toilet has clogged badly after shitting [lol]... (I suppose I should go out and buy one tomorrow... speaking of which, what does one usually do after plunging a shit filled toilet? Wash off said plunger with a hose?)

[Edited by - MaulingMonkey on July 19, 2005 12:40:58 AM]

Share this post


Link to post
Share on other sites
WISMAK    100
And what does this have to do with my question?

Is there any option in GNU gcc or icc that forces memebr access protection to be binary like in Visual C++?

Thanks.

Share this post


Link to post
Share on other sites
SiCrane    11839
Visual C++ doesn't "force access protection to be binary." Most likely what happened in your case is that the difference in class definition caused name mangling to be different which made it seem like MSVC had some sort of binary protection. But it doesn't. You're trying to duplicate non existant functionality.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this