
Clarification needed for projects linking against prebuilt static libraries #705

Open
thomasnyman opened this issue Dec 12, 2024 · 0 comments · May be fixed by #706

Comments

@thomasnyman (Contributor)

From @jduck via the OpenSSF Slack:

Recently I discovered that taking a dependency on third-party proprietary (prebuilt) static libraries can lead to a false sense of security. Compiling all your code with these flags can't add them to these linked libraries. It's important to understand what you're linking against too.

@david-a-wheeler suggested this might be worth a brief note in the Compiler Hardening Guide, as it may be easily overlooked.
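An added example, not part of this issue or of the Compiler Hardening Guide, showing one way to check what a prebuilt static archive actually carries: a POSIX shell function that reads the archive's symbol table with `nm` and reports which members import `__stack_chk_fail`, the symbol a stack-protector-instrumented object references. The function name, the archive path and the `protected`/`unprotected` output words are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the issue or the Guide): inspect a prebuilt
# static archive for evidence of stack-protector instrumentation.
# Your own -fstack-protector-strong flag only affects objects you
# compile; members of a vendor .a keep whatever their builder used.
#
# Heuristic: an object compiled with stack protection that contains at
# least one protected function imports __stack_chk_fail (Apple toolchains
# prefix an extra underscore; some PIC builds use __stack_chk_fail_local).
# A member whose functions simply needed no canary also shows no import,
# so "unprotected" means "ask the vendor", not "proven unsafe".
set -u

# Usage: check_archive_stack_protector libvendor.a
# Prints "protected <member>" or "unprotected <member>" per object file.
# Returns 0 if every member shows the import, 1 if any member does not,
# 2 if the archive cannot be read.
check_archive_stack_protector() {
  archive=$1
  [ -r "$archive" ] || return 2
  # nm -A prefixes every line with "archive:member:", so the symbol table
  # of the whole archive is read once and attributed to members afterwards.
  syms=$(nm -A "$archive" 2>/dev/null) || return 2
  rc=0
  for member in $(ar t "$archive"); do
    if printf '%s\n' "$syms" |
       grep -q "^[^:]*:$member: *U _*__stack_chk_fail"; then
      echo "protected   $member"
    else
      echo "unprotected $member"
      rc=1
    fi
  done
  return $rc
}

# Stand-alone use: report on each archive named on the command line.
# (Guarded so the function can also be sourced without side effects.)
if [ $# -gt 0 ]; then
  for a in "$@"; do
    echo "== $a"
    check_archive_stack_protector "$a"
  done
fi
```

The same approach extends to other flag-dependent markers, for example `__*_chk` imports left by `_FORTIFY_SOURCE`, but each is only a positive signal: absence never proves the vendor skipped the flag.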
