Are buffer overflow exploits possible in C#?
Question
Assuming that a C# program uses only managed .NET code, is it possible to have a buffer overflow security vulnerability within that program? If so, how would such a vulnerability be possible?
Recommended answer
Yes, but they are much harder to produce. You can only get buffer overflows if you use certain unsafe constructs, and not with "normal" C# code. Memory corrupting code shouldn't be possible at all, when your code is running with lowered trust.
A few possibilities for buffer overflows:
- Using the unsafe keyword, which allows pointers. Unsafe code is just as easy to get wrong as pointer-based code in C or C++.
- Using unsafe APIs, such as the methods from the Marshal class
- (Mono only) You can disable array range checking (safety vs. performance trade-off)
There are also a few other ways to corrupt memory apart from buffer overflows.
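- StructLayoutKind.Explicit
- Wrong native interop signatures
(The runtime itself is written in C++, so a bug in the runtime can also corrupt memory or overflow a buffer, but I consider that out of scope for this question.)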
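An added illustration, not part of the original answer: the sketch below contrasts a bounds-checked managed array write with a Marshal.Copy into unmanaged memory, where the runtime cannot know the destination size and the caller must check the length. The class name, method names and the 16-byte buffer size are assumptions made for the example.

```csharp
using System;
using System.Runtime.InteropServices;

static class OverflowDemo
{
    const int BufferSize = 16; // constructed size for the example

    // Managed arrays: the runtime checks every index, so an oversized
    // input raises IndexOutOfRangeException instead of corrupting memory.
    static bool ManagedWriteIsRejected(byte[] input)
    {
        var buffer = new byte[BufferSize];
        try
        {
            for (int i = 0; i < input.Length; i++)
                buffer[i] = input[i];
            return false;
        }
        catch (IndexOutOfRangeException)
        {
            return true;
        }
    }

    // Marshal.Copy only validates the managed source array. It has no
    // knowledge of how many bytes were allocated behind 'dest', so the
    // length check below is the only thing preventing a heap overflow.
    static void CheckedCopy(byte[] input, IntPtr dest, int destSize)
    {
        if (input.Length > destSize)
            throw new ArgumentException("input larger than destination buffer");
        Marshal.Copy(input, 0, dest, input.Length);
    }

    static void Main()
    {
        var oversized = new byte[BufferSize + 8]; // constructed input
        Console.WriteLine("managed write rejected: " + ManagedWriteIsRejected(oversized));

        IntPtr dest = Marshal.AllocHGlobal(BufferSize);
        try
        {
            CheckedCopy(new byte[BufferSize], dest, BufferSize); // fits
            try { CheckedCopy(oversized, dest, BufferSize); }
            catch (ArgumentException e) { Console.WriteLine("unmanaged copy rejected: " + e.Message); }
        }
        finally
        {
            Marshal.FreeHGlobal(dest);
        }
    }
}
```

When reviewing C# code, calls into Marshal and blocks marked unsafe are the places where a length or offset derived from input needs an explicit check like the one in CheckedCopy.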