0

A client is asking that we follow their security standards and implement stack smashing protection (SSP) in the in-house (i.e. intranet) Blazor apps that we are developing for them. (Working with VS 2022, .NET 6.0)

I had not heard of that term before. In researching, it seems to primarily deal with stack/buffer overflow prevention. Also, that the GCC compiler utilizes this type of protection. Other articles I have found refer to iOS and Android apps.

I am aware that there are best practices that we can do programmatically to minimize overflow risks, but is there a SSP 'feature' that can be enabled in Blazor?

I have gone through the Microsoft documentation for C# compiler options, but cannot find such a feature or flag that could be set to enable SSP.

BarnumBailey
  • 391
  • 1
  • 4
  • 13
  • 1
    It would be explained by the fact that the c# language wouldn't allow it except when specifically trying to disable the protection (ex: see `unsafe` and `unchecked` keywords). Therefore, I guess if you didn't make it possible in the code, buffer overflow protection is by default enabled in c# as good as the embedded protection could be. However, I don't have any better source that some SO answers I read and the doc about `unsafe`, `checked` and `unchecked` keywords. – T.Trassoudaine Apr 03 '23 at 16:08
  • Trassoudaine, thank you for your response. I am familiar with those flags/keywords, and will not be disabling them. – BarnumBailey Apr 03 '23 at 18:42

0 Answers0