I understand C# compiles down to byte code similar to Java but are there any compiler flags like the safeseh or gs flags for C/C++ applicable to C#? I'm not sure if they would be necessary as presumably all these things are implemented in the CLR?
Asked
Active
Viewed 1,466 times
0
-
1@CamiloTerevinto He is doing a very precise question about two compiler flags, one that protects about buffer overruns (gs) and another is for the SEH handling, that is something connected with Windows exceptions. From [here](https://stackoverflow.com/a/25082361/613130) it seems that it is something connected to security against attacks. I don't think giving him a blank list of flags will help him much – xanatos Jun 03 '18 at 16:04
-
I'm not sure what the reason is for all the downvotes here. This seems like a reasonable question which a C# expert should be able to answer easily enough. And sure enough... – Paul Sanders Jun 03 '18 at 21:35
1 Answers
3
There are no security flags in the C# compiler that I remember, if we exclude the /unsafe that disables the possibility of writing C# code with raw C pointers. Even without that flag, you can often write equivalent "unsafe" code in other ways that will compile, so that flag is a red herring.
Protection against buffer overruns and similar attacks is included for free in .NET thanks to how strings and arrays are handled. You can't write after the end of an array (and nearly all the other collections of .NET are base internally on arrays), and you can't write to strings (they are immutable, and when you allocate them you allocate them with the "right" size for their content, that is decided and fixed upon creation of the string).
Note that you can still easily make a C# program crash (by passing illegal data for example... a text when a number is expected), but this crash (in truth normally one Exception) won't permit you to take control of the machine, or to overwrite pieces of memory.
xanatos
- 109,618
- 12
- 197
- 280