Is Go vulnerable for buffer overflow
Question
I know languages like C# aren't vulnerable to buffer overflows unless you marshal or use unsafe code. But is Go vulnerable to buffer overflows?
Answer 1
Score: 17
Go checks for bounds in strings, arrays and slices, so it is not vulnerable as long as you are not playing around with the unsafe package.
Answer 2
Score: 3
After a quick search I found this link: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/
It states that golang is safe from most "known" attacks ("known" as in used in C). For instance, the fact that there is no pointer arithmetic and no manual memory management makes it less prone to errors that would lead to "exploitable" code.
I'm no expert in golang but it seems like a well-thought-out language with a good environment (std lib, compiler, etc.)
Answer 3
Score: 1
"Go in general is a safe language. It has memory builtin safety measures that should avoid common buffer overflow vulnerabilities, like they often exist in C programs."
https://dev.to/jlauinger/exploitation-exercise-with-unsafe-pointer-in-go-information-leak-part-1-1kga
As also said there: "The unsafe standard library package defeats this memory safety. With unsafe.Pointer, we can create a pointer of arbitrary type."
So like @Grzegorz Żur said, it is not vulnerable as long as you are not playing around with unsafe packages.
Cheers
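The following is an added example, not part of any answer above: it contrasts an out-of-range write through ordinary indexing, which the runtime bounds check stops, with the same write made through `unsafe.Pointer`, which is not checked. The names `record`, `checkedWrite`, `uncheckedWrite` and `demo` are hypothetical, and the field layout (`marker` directly after `buf`) is an assumption about the standard gc compiler.

```go
package main

import (
	"fmt"
	"unsafe"
)

// record is a constructed sample: a 4-byte buffer followed by a field
// that must not be reachable through the buffer.
// Assumption: the gc compiler places marker immediately after buf.
type record struct {
	buf    [4]byte
	marker [4]byte
}

// checkedWrite stores v at buf[i] with ordinary indexing. An out-of-range
// index makes the runtime panic before any store happens; the panic is
// recovered here and returned as an error.
func checkedWrite(r *record, i int, v byte) (err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("bounds check stopped the write: %v", p)
		}
	}()
	r.buf[i] = v
	return nil
}

// uncheckedWrite performs the same store through unsafe.Pointer arithmetic.
// No bounds check runs, so i == 4 lands in the neighbouring field.
func uncheckedWrite(r *record, i int, v byte) {
	p := unsafe.Add(unsafe.Pointer(&r.buf[0]), i)
	*(*byte)(p) = v
}

// demo writes one byte past buf both ways and reports marker after each.
func demo() (checkedErr error, afterChecked, afterUnchecked [4]byte) {
	r := record{marker: [4]byte{'S', 'A', 'F', 'E'}}
	checkedErr = checkedWrite(&r, 4, 'X')
	afterChecked = r.marker
	uncheckedWrite(&r, 4, 'X')
	afterUnchecked = r.marker
	return
}

func main() {
	err, a, b := demo()
	fmt.Println(err)
	fmt.Printf("%s %s\n", a[:], b[:])
}
```

When reviewing Go code for memory-safety issues, the files that import `unsafe` (and cgo) are the ones where this class of bug can occur.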