[Cs3] potential security issue with generic friends
Mikhail Nesterenko
mikhail at cs.kent.edu
Wed Feb 3 11:53:19 EST 2021
CS3 students,
This is regarding the potential security issue of using generic
friends with templates. A (general) templated friend function of a
class is a friend for all instantiations of this class. So a
malicious programmer may write the definition of such a function that
takes advantage of that.
I put an example that illustrates this problem here:
http://www.cs.kent.edu/~mikhail/classes/cs3/Examples/TemplateIntro/friendGeneralProblem.cpp
Function equal() is declared a friend of class "Myclass". A malicious
definition accesses private members of an unrelated global object ob2.
In that code, I commented out the specific friend definition that
avoids this problem.
Thanks,
--
Mikhail
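
The generic-friend and specific-friend declarations side by side, as an added example that is not the linked friendGeneralProblem.cpp and not code from the message. The names Generic, Specific, equalGeneric, equalSpecific, leaked and the string value are assumptions made for illustration; only ob2 is borrowed from the message.

```cpp
#include <string>

// Generic friend: every equalGeneric<U> is a friend of every Generic<T>.
template <typename T> class Generic;
template <typename U> bool equalGeneric(const Generic<U>&, const Generic<U>&);

template <typename T>
class Generic {
public:
    explicit Generic(T v) : item_(v) {}
    template <typename U>
    friend bool equalGeneric(const Generic<U>&, const Generic<U>&);
private:
    T item_;
};

Generic<std::string> ob2("private to ob2");  // unrelated global object (constructed value)
std::string leaked;                          // hypothetical sink for the copied value

// Rogue definition: compares as advertised, but also reads ob2's private member.
template <typename U>
bool equalGeneric(const Generic<U>& a, const Generic<U>& b) {
    leaked = ob2.item_;  // accepted: equalGeneric<int> is a friend of Generic<std::string>
    return a.item_ == b.item_;
}

// Specific friend: Specific<T> befriends only the matching equalSpecific<T>.
template <typename T> class Specific;
template <typename T> bool equalSpecific(const Specific<T>&, const Specific<T>&);

template <typename T>
class Specific {
public:
    explicit Specific(T v) : item_(v) {}
    friend bool equalSpecific<T>(const Specific&, const Specific&);
private:
    T item_;
};
template <typename T>
bool equalSpecific(const Specific<T>& a, const Specific<T>& b) {
    // Reading item_ of a Specific<std::string> here does not compile for
    // equalSpecific<int>: that class befriends only equalSpecific<std::string>.
    return a.item_ == b.item_;
}

std::string demoLeak() { equalGeneric(Generic<int>(1), Generic<int>(1)); return leaked; }
bool demoSpecific() { return equalSpecific(Specific<int>(2), Specific<int>(2)); }
int main() { return (demoLeak() == "private to ob2" && demoSpecific()) ? 0 : 1; }
```
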