Intended Security Hole? (page 2)

October 25, 2012
Re: Intended Security Hole?
Posted by Maxim Fomin
in reply to Manfred Nowak
Permalink
Maxim Fomin
Posted in reply to Manfred Nowak
Permalink
On Thursday, 25 October 2012 at 12:43:34 UTC, Manfred Nowak wrote:
> Maxim Fomin wrote:
>
>> Then disable behavior by marking class or function as a final.
> Do you really mean by this, that "aspect programming" is impossible in
> D?
> Or that marking `final' is enough?

I mean that if you mark function in Base class as final or
private, you can be sure that derived classes do not override
functions you want to be non-overriden. So, if virtual call
creates problems for you, you can disable it.

>> provide an example how you can do this.
> I was in fear and posted an approach. But I was not sure. Therefore I
> asked for a proof, that my fear had not cause in reality.
> Your demand for an example only expresses, that you too are guided by
> expectations only, not by proofs.
>
> - manfred

I definitely not driven by fear whether declared only functions can be
hijacked at runtime or not. References to functions with omitted
bodies are captured by linker at link-time at
implementation-defined and platform specific manner. At linux if
you provide multiple definition of same symbol order of arguments
does matter. At windows either linker complains about twice
defined symbol or reject linking at all - I don't remember. This
is not important because linking is typically under of your
rather than "unknown coder" control. At runtime it is possible to
use system facilities and hacking tools by "unknown coder" to
overwrite memory for attacking purposes and may be for changing
implementation of some function. But this affects functions with
definitions as well as functions with omitted bodies and is
unrelated to how one language treats functions without
definitions.

I don't understand what is an issue: treating declared only functions by dmd, virtual calls or changing function implementation at runtime.
Forums
