
I want to have some constant values in my program. For example, I have a constant TimeLimit in a header that is commonly used by other classes, but I don't know whether

#define TimeLimit 30

is more secure than

static const int TimeLimit=30;

Originally I wanted to use static const because it causes less compile time when the value is changed, but after considering security I wonder whether I should use #define to improve security.

Is it true that #define is more secure than static const because:

  1. "#define" is embedded in the compiled code, while static int leaves a variable in memory, so a user can easily change the value of TimeLimit in memory?

  2. If static const is used, it is easier for a user to learn the value of TimeLimit, because extracting the value from memory is easier than extracting it from compiled code?

Is that right?

ggrr

2 Answers


static const is more secure, but not for the reasons you're thinking of. It permits the compiler to perform type checking, which will catch a class of bugs that #define won't permit it to catch.

In regards to your specific concerns:

"#define" is embedded in the compiled code, while static int leaves a variable in memory, so a user can easily change the value of TimeLimit in memory.

If static const is used, it is easier for a user to learn the value of TimeLimit, because extracting the value from memory is easier than extracting it from compiled code.

In theory, this is true. In practice, every compiler in current widespread use will compile the two cases identically (give or take type-inference rules). In my testing with GCC, both a #define and a static const turned into the following assembly:

movl    $30, %eax

i.e. move the literal value 30 into register EAX in preparation for performing an operation on it.

Now, there is one exception to this: if you're compiling with debug information, a static const value may be present in the debugging information where a #define will not. But you shouldn't be shipping debugging versions of software to anyone you don't trust -- or most people you do trust, for that matter.

Mark

From my understanding #define will indeed replace TimeLimit with the literal 30 when the preprocessor runs. It is not clear to me what the standard states on static const variables (if anything). For instance, if the compiler supports constant folding and the variable is only used in constant expressions, the expressions are evaluated at compile time and it is not clear to me if that variable will be in the data (global) segment of memory.

I'd imagine, though, that if you have a dedicated adversary who has access to your binary, they will be able to reverse engineer these values. I think a better option for sensitive variables might be to use std::getenv and store these values as environment variables. However, if the adversary actually has access to your binaries they may also have access to your environment variables, so you might want to clarify your threat model.

puzzlepalace