dangling pointers and security

I would like to know in what manner dangling pointers affect the
security of an application developed using C++. What are the loopholes
that are created by dangling pointers and how they could be exploited
by hackers?

Aravind
Jul 22 '05 #1
Aravind wrote:

> I would like to know in what manner dangling pointers affect the
> security of an application developed using C++. What are the loopholes
> that are created by dangling pointers and how they could be exploited
> by hackers?

Do you have any idea what 'dangling pointers' are?
--
Karl Heinz Buchegger
kb******@gascad.at
Jul 22 '05 #2
Aravind posted:

> I would like to know in what manner dangling pointers affect the
> security of an application developed using C++. What are the loopholes
> that are created by dangling pointers and how they could be exploited
> by hackers?
>
> Aravind

You are way way wayyyyyyyy off!

First, what do hackers do? They access computers and networks via the
Internet and do things that you don't want them to do.

How do you stop them? Don't give them the ability in the first place!
Sounds simple? So why do people get "hacked"? Mainly because Microsoft is
stupid; it enables things like "file sharing" and "printer sharing" via the
internet protocol TCP/IP. Hackers exploit the ability *that has explicitly
been given to them*.

Now, dangling pointers:

int* pChocolate = new int;

delete pChocolate;   // the int is freed; pChocolate still holds its address

*pChocolate = 5;     // write through the dangling pointer: undefined behaviour

That's what a dangling pointer is, and as you can see, it has nothing at all
whatsoever to do with hacking and/or hackers.

Hope that helps.

-JKop
Jul 22 '05 #3
JKop wrote:

> First, what do hackers do? They access computers and networks via the
> Internet and do things that you don't want them to do.

Actually, they don't. That's what the media made out of the word
"hacker". A hacker is actually just a programmer who is good at
programming and who likes it.

Jul 22 '05 #4
Rolf Magnus wrote:

> JKop wrote:
>
>> First, what do hackers do? They access computers and networks via the
>> Internet and do things that you don't want them to do.
>
> Actually, they don't. That's what the media made out of the word
> "hacker". A hacker is actually just a programmer who is good at
> programming and who likes it.

My understanding (or definition) of hacker is one who attempts
a task without reading or finding out how to do it first.

When I was growing up, hackers would figure out how to log into
other computers and browse. No malicious intent, just bragging
rights. Other hackers would attempt to write editors starting
from the bottom up without any pre-design.

At some point in time, hacker was designated with a negative
conontation (sp!). This was due to the few who were malicious.
Now, the malicious ones are hired by "The Dark Side" for
"evil purposes".

So much for being able to play "Global Thermonuclear War"
on the "Wombat" computer. "Want to play a game?"

--
Thomas Matthews

C++ newsgroup welcome message:
http://www.slack.net/~shiva/welcome.txt
C++ Faq: http://www.parashift.com/c++-faq-lite
C Faq: http://www.eskimo.com/~scs/c-faq/top.html
alt.comp.lang.learn.c-c++ faq:
http://www.raos.demon.uk/acllc-c++/faq.html
Other sites:
http://www.josuttis.com -- C++ STL Library book

Jul 22 '05 #5
Thomas Matthews wrote:

> Rolf Magnus wrote:
>> JKop wrote:
>>
>>> First, what do hackers do? They access computers and networks via the
>>> Internet and do things that you don't want them to do.
>>
>> Actually, they don't. That's what the media made out of the word
>> "hacker". A hacker is actually just a programmer who is good at
>> programming and who likes it.
>
> My understanding (or definition) of hacker is one who attempts
> a task without reading or finding out how to do it first.
>
> When I was growing up, hackers would figure out how to log into
> other computers and browse. No malicious intent, just bragging
> rights. Other hackers would attempt to write editors starting
> from the bottom up without any pre-design.

Yes, something like that. For doing that, you would need to be very good
at programming and also like it, so it's more or less consistent with
my definition. I just couldn't put it in words as good as you could.

> At some point in time, hacker was designated with a negative
> conontation (sp!). This was due to the few who were malicious.
> Now, the malicious ones are hired by "The Dark Side" for
> "evil purposes".

And now, most people only know those malicious ones, because they are in
the media, and movies and novels are written about them.
Only few people would realize that the "Linux Kernel Hacker's Guide" is
not about breaking into linux systems.

> So much for being able to play "Global Thermonuclear War"
> on the "Wombat" computer. "Want to play a game?"

--
"computer games don't affect kids. I mean if pac man affected us as
kids, we'd all run around in a darkened room munching pills"

Jul 22 '05 #6
>> My understanding (or definition) of hacker is one who attempts
>> a task without reading or finding out how to do it first.

the definition of hacker i've always known is someone who does something
unorthodox and/or inelegant, just to get something done. bypassing
passwords to enter a secure area is a little unorthodox, so the
definition extends to cover that group.

>> When I was growing up, hackers would figure out how to log into
>> other computers and browse. No malicious intent, just bragging
>> rights. Other hackers would attempt to write editors starting
>> from the bottom up without any pre-design.
>
> Yes, something like that. For doing that, you would need to be very good
> at programming and also like it, so it's more or less consistent with
> my definition. I just couldn't put it in words as good as you could.

i agree except that you don't necessarily *need* to be good at
programming (or even fond of it) to hack a working program together. it
would probably be a mess, and an embarrassment to any professional
programmer with dignity, but it would work.

that said, the best hackers would tend to be ones who are very good,
because they would be the ones thinking outside the box.

to me, a hacker is someone who "just gets it done, and damn the
torpedoes". that doesn't necessarily imply competence or enjoyment,
although there will be a high degree of correlation. hacker is a kind of
play derogatory, too. both a hacker and a very good programmer may get a
job done, but only the good programmer should be proud of his work.

>> At some point in time, hacker was designated with a negative
>> conontation (sp!). This was due to the few who were malicious.
>> Now, the malicious ones are hired by "The Dark Side" for
>> "evil purposes".
>
> And now, most people only know those malicious ones, because they are in
> the media, and movies and novels are written about them.
> Only few people would realize that the "Linux Kernel Hacker's Guide" is
> not about breaking into linux systems.

there's a whole subculture with its own parlance and jargon that
differentiates between hacker, crackers, phreakers, sneakers and so on.
i don't know all the subtleties of it, but i believe that the kind of
person who breaks into things is a cracker. they may or may not have
hacked their way in, depending on the elegance of the method, but in the
end, the result is that they've cracked the system - not "hacked" the
system.

>> So much for being able to play "Global Thermonuclear War"
>> on the "Wombat" computer. "Want to play a game?"

bonus points for obscure pop culture reference ^_^

for the record, i have never heard of any instance when a dangling
pointer caused a security issue - and i have no idea how one could be
(except by a monumental fluke, and even then, it would likely not be a
deterministically reproducible problem). crashes, yes. odd behaviour,
yes. buffer overruns on the other hand....

mark

Jul 22 '05 #7
Thomas Matthews wrote:

> Rolf Magnus wrote:
>> JKop wrote:
>>
>>> First, what do hackers do? They access computers and networks via the
>>> Internet and do things that you don't want them to do.
>>
>> Actually, they don't. That's what the media made out of the word
>> "hacker". A hacker is actually just a programmer who is good at
>> programming and who likes it.
>
> My understanding (or definition) of hacker is one who attempts
> a task without reading or finding out how to do it first.

http://www.xemacs.org/Documentation/...ls_1.html#SEC1

1. A History of Emacs

XEmacs is a powerful, customizable text editor and development environment.
It began as Lucid Emacs, which was in turn derived from GNU Emacs, a
program written by Richard Stallman of the Free Software Foundation. GNU
Emacs dates back to the 1970's, and was modelled after a package called
"Emacs", written in 1976, that was a set of macros on top of TECO, an old,
old text editor written at MIT on the DEC PDP 10 under one of the earliest
time-sharing operating systems, ITS (Incompatible Timesharing System). (ITS
dates back well before Unix.) ITS, TECO, and Emacs were products of a group
of people at MIT who called themselves "hackers", who shared an idealistic
belief system about the free exchange of information and were fanatical in
their devotion to and time spent with computers. (The hacker subculture
dates back to the late 1950's at MIT and is described in detail in Steven
Levy's book Hackers. This book also includes a lot of information about
Stallman himself and the development of Lisp, a programming language
developed at MIT that underlies Emacs.)
--
STH
Hatton's Law: "There is only One inviolable Law"
KDevelop: http://www.kdevelop.org SuSE: http://www.suse.com
Mozilla: http://www.mozilla.org
Jul 22 '05 #8
Aravind wrote:

> I would like to know in what manner dangling pointers affect the
> security of an application developed using C++. What are the loopholes
> that are created by dangling pointers and how they could be exploited
> by hackers?
>
> Aravind

Dangling pointer:
http://catb.org/~esr/jargon/html/D/d...g-pointer.html

In a language such as C++, a dangling pointer isn't particularly a problem, in
and of itself. In languages where pointers are abstracted away (e.g. Java),
there can be all sorts of negative consequences because of the implied notion
that a pointer only points to something valid (or possibly null).

Common code practices indicate that a pointer should either: point to something
valid, or be set to null. Under this practice, usage of a valid pointer will
result in defined behavior, usage of a null pointer will result in an exception
or program termination. However, using a dangling pointer is completely
undefined, and there is where a potential problem can be exploited, but it is
going to be very system specific behavior.

So, suppose that there is a system & application where it is known that there
is some sequence of steps that results in (internally) a dangling pointer.
Additionally, occasionally that dangling pointer may eventually point to a
portion of memory that contains security (access-control) related information.
That dangling pointer could then conceivably be exploited to be used to write
to (what is presumed) secure parts of memory, changing access control, and
possibly granting additional (unintended) access to the user.

Note that this is only one scenario, there is no single or unified answer to
your question.
Jul 22 '05 #9
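
The scenario in the post above, modelled as an added example (not part of the original thread): a constructed fixed-slot pool stands in for the heap, so slot reuse is deterministic and no undefined behaviour is executed. `Pool`, `Handle`, `scratch` and `is_admin` are hypothetical names; the second function shows a generation-checked handle rejecting the stale reference.

```cpp
#include <array>
#include <new>

// Constructed stand-in for a heap: a freed slot is reused by the next acquire().
// raw() acts like a pointer kept after delete; checked() rejects stale handles.
class Pool {
public:
    struct Handle { unsigned slot, gen; };
    Handle acquire(int initial) {
        if (!free_top_ && next_ == N) throw std::bad_alloc();
        unsigned s = free_top_ ? free_[--free_top_] : next_++;
        value_[s] = initial;
        return {s, gen_[s]};
    }
    void release(Handle h) {
        if (gen_[h.slot] != h.gen) return;  // double release: ignore
        ++gen_[h.slot];                     // invalidates outstanding handles
        free_[free_top_++] = h.slot;
    }
    int* raw(Handle h) { return &value_[h.slot]; }
    int* checked(Handle h) { return gen_[h.slot] == h.gen ? raw(h) : nullptr; }
private:
    static constexpr unsigned N = 8;
    std::array<int, N> value_{};
    std::array<unsigned, N> gen_{}, free_{};
    unsigned free_top_ = 0, next_ = 0;
};

// Returns the access-control flag after a write through the stale pointer.
int stale_write_unchecked() {
    Pool pool;
    Pool::Handle scratch = pool.acquire(0);   // some short-lived object
    int* dangling = pool.raw(scratch);
    pool.release(scratch);                    // "delete": pointer now dangles
    Pool::Handle is_admin = pool.acquire(0);  // security flag reuses the slot
    *dangling = 1;                            // meant for the old object
    return *pool.raw(is_admin);               // flag silently became 1
}

// Same sequence with generation-checked handles: the stale write is refused.
int stale_write_checked() {
    Pool pool;
    Pool::Handle scratch = pool.acquire(0);
    pool.release(scratch);
    Pool::Handle is_admin = pool.acquire(0);
    if (int* p = pool.checked(scratch)) *p = 1;  // checked() returns nullptr
    return *pool.checked(is_admin);              // flag still 0
}

int main() { return stale_write_unchecked() == 1 && stale_write_checked() == 0 ? 0 : 1; }
```

With a real `new`/`delete` the same sequence is undefined behaviour, and whether the freed block is reused for the flag depends on the allocator, which is why the effect is system specific.
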
Julie posted:

> So, suppose that there is a system & application where it is known that
> there is some sequence of steps that results in (internally) a dangling
> pointer.

int* pBozo = new int;

delete pBozo;

//AHHH!!!! Dangling pointer!

> Additionally, occasionally that dangling pointer may
> eventually point to a portion of memory that contains security
> (access-control) related information.

pBozo = GenerateSuperDuperRandomMemoryAddress();

> That dangling pointer could then
> conceivably be exploited to be used to write to (what is presumed)
> secure parts of memory, changing access control, and possibly granting
> additional (unintended) access to the user.

BULL

SHIT

BULL

SHIT

> Note that this is only one scenario, there is no single or unified
> answer to your question.

Dangling pointers are not a problem at all whatsoever.

-JKop
Jul 22 '05 #10
