Re: Three steps we could take to make supply chain attacks a bit harder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 02.04.24 um 10:22 schrieb Florian Weimer:
  - Can some wrappers be developed to make it both easier and safer?
GCC already provides function multi-versioning/target clones as a
higher-level interface.


Also, upstreams should by default properly mark their stuffs with
restrictive visibilities.

While we are a few decades to change the defaults, that doesn't mean
that one can't choose the better option. So, by default one should
choose -fvisibility=hidden and mark the public API with
__attribute__((visibility("protected"))) or, if they really want a
function to be interpositionable (by e.g. LD_PRELOAD) as
__attribute__((visibility("default"))).

As a side effect, if you ever want your library be usable on Windows,
you need to do that anyway since hidden is the default there and your
public API must be marked explicitly. (Also, Windows doesn't support
interposition and also doesn't support cyclic library dependencies
without complicated hacks. So yeah, Windows kinda has the better
defaults here.)

Some newer languages do that anyway already, but we obviously can't just
change it for C and C++ projects.

But depending on the architecture this may not necessarily be possible.
So yeah, only upstream can do that, not us.


Regards

Kilian Hanich
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux