Showing 3 changed files with 60 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: "Breaking change: CET supported by default" | ||
description: Learn about the breaking change in interop in .NET 8 where CET is supported by default. | ||
ms.date: 10/04/2024 | ||
--- | ||
# CET supported by default | ||
|
||
`apphost` and `singlefilehost` are now marked as Intel CET—compatible (they're compiled with the `/CETCOMPAT` option). This change was made to enhance security of .NET applications. However, it imposes a limitation on the shared libraries that .NET apps can load and interop with. Libraries aren't allowed to set thread context to a location with an instruction pointer that's not present on the shadow stack or in a table of allowed continuation addresses for exception handling. | ||
|
||
## Previous behavior | ||
|
||
Previously, shared libraries loaded into the .NET process were able to set thread context using <xref:Microsoft.VisualStudio.CorDebugInterop.ICorDebugProcess.SetThreadContext(System.UInt32,System.UInt32,System.IntPtr)>, `RtlRestoreContext/NtContinue`, or their exception handlers to any location in the process address space. | ||
|
||
## New behavior | ||
|
||
Starting in .NET 9, shared libraries loaded into the .NET process are only allowed to set thread context using <xref:Microsoft.VisualStudio.CorDebugInterop.ICorDebugProcess.SetThreadContext(System.UInt32,System.UInt32,System.IntPtr)>, `RtlRestoreContext/NtContinue`, or their exception handlers to locations that are either: | ||
|
||
- Present on the shadow stack. | ||
- In a table of allowed continuation addresses for exception handling (generated by the `/EHCONT` compiler option or the `SetProcessDynamicEHContinuationTargets` API). | ||
|
||
If libraries try to change a thread context to any other location, the process is terminated. | ||
|
||
## Version introduced | ||
|
||
.NET 9 Preview 6 | ||
|
||
## Type of breaking change | ||
|
||
This change can affect [binary compatibility](../../categories.md#binary-compatibility). | ||
|
||
## Reason for change | ||
|
||
Enabling CET enhances the security of .NET applications by adding hardware-enforced stack protection that offers robust protection against ROP exploits (return-oriented programming). | ||
|
||
## Recommended action | ||
|
||
Workarounds: | ||
|
||
- You can opt out of CET by adding `<CETCompat>false</CETCompat>` to your app's project file (for example, *.csproj* file). | ||
- Use the Windows Security app or a group policy to opt out of the hardware-supported stack enforcement for the specific .NET application. For more information, see [Enable exploit protection](/defender-endpoint/enable-exploit-protection). | ||
|
||
## Affected APIs | ||
|
||
- N/A |
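Review bot: The front-matter description in this hunk says the change ships in .NET 8 (`description: Learn about the breaking change in interop in .NET 8 where CET is supported by default.`), while the "New behavior" section says "Starting in .NET 9" and "Version introduced" is ".NET 9 Preview 6"; change the description to .NET 9 so the metadata matches the body. Two smaller points: the `SetThreadContext` xref resolves to the Visual Studio debugger wrapper `Microsoft.VisualStudio.CorDebugInterop.ICorDebugProcess.SetThreadContext`, but the surrounding text (listed alongside `RtlRestoreContext/NtContinue`) describes native libraries calling the Win32 `SetThreadContext` API, so a plain code span or a link to the Win32 documentation would be the accurate reference; and "Intel CET—compatible" uses an em dash where a hyphen ("CET-compatible") is meant.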