473,394 Members | 1,714 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c / c++ > questions > security of static linking

Join Bytes to post your question to a community of 473,394 software developers and data experts.

security of static linking

Hi,
Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?
In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?

Regards,

Sep 14 '07 #1
2 1686
Mohsen A. Momeni wrote:
Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?
In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?
This is not a C language issue, per se.

[OT]
The biggest difference, I think, is the certainty of knowing that the
correct version of the specified function is linked. Using a library
means knowing that the version in the library file is the one you
expect. Possible failures are due to

1) modifying the function source and not updating the library
2) modifying the function source, updating the library, then linking
with the wrong version of the library
3) having someone alter the library file behind your bank.

Recompiling the and directly linking the source eliminates problems 1
and 2. Your source could still be modified behind your back, but that
would be relatively easier to detect on inspection.

Verified digital signatures or secure hash values can be used to help
verify copies of the various files.
[/OT]

--
Thad
Sep 14 '07 #2
Mohsen A. Momeni wrote:
Hi,
Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?
It depends.
In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?
In high security environment, we MAC or digitally sign the module,
beforehand. Hence, only modules which has been certified, can be
dynamically loaded. So, if I write new firmware for a cryptographic
blackboks, I need to send the code away for audit, compiling and
signing, else the boot software (of the blackboks) will reject the
firmware to be loaded.

In a low-security environment... well who care? A trick I have used to
reverse-engineer modules, is to write a spy module, which has identical
interface and name as the genuine library, and if I place the spy module
in the current dir, it will load before the genuine library.... if that
is searched before the other paths.

Hence, such a spy module can intercept and log every call made, and
change the calls on the fly...
--
Tor <torust [at] online [dot] no>
Sep 14 '07 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Static to Dynamic linking
by: Dibyendu Roy | last post by:
Hi All, I build an object called "dblorcle" to connect to oracle database in Sun solaris box. This is built linking with various oracle ".a" (archived, for static linking) files come with standard...
Oracle Database
6
Static libraries into C#
by: Andrew S. Giles | last post by:
Is it possible to bring in a static library (developed in C++) into a C# project/solution? Thanks in advance for any information. Andrew S. GIles
C# / C Sharp
8
DLL With Static Library Initialization Conflict
by: Robert A Riedel | last post by:
I have an application that requires a DLL and an executable that uses the DLL, both of which were implemented in Visual C++ using unmanged code. Both the executable and the DLL are linked with...
.NET Framework
0
linking in static library compiled in VC 6
by: zhangrusi | last post by:
I have a static library that is compiled using the latest version of VC 6. It uses the multithreaded DLL versions of the run-time library, and it uses STL classes. I would like to make use of this...
.NET Framework
1
static linking & dynamic linking
by: srikar | last post by:
what is the difference between static linking & dynamic linking, what are the advantages of each? How to perform static linking & Dynamic linking by using gcc -o liniking will be done , but...
C / C++
2
Static Linking C# .net
by: ashesman | last post by:
OK, I have written an application in MS Visual C# using .net. Is it posibble to static link into one self contained .exe file? This would certainly make distribution of a small accessory file...
C# / C Sharp
0
Linking vs8 c++ to FORTRAN static library
by: xieml2007 | last post by:
Dear Madam or Sir, I encountered one problem which is quite similiar to the discussions launched at the web site: http://www.thescripts.com/forum/thread280324.html
C / C++
6
Handling Security at Field Level
by: Keith Wilby | last post by:
I have an Access app with ULS applied. It has a main form and a subform with a 1:M relationship. My client wants some of his users to be able to edit 3 fields in the subform but read-only the...
Microsoft Access / VBA
4
linking error for static member variables
by: aaragon | last post by:
Hi everyone, I have a linking error when using gcc4.2 and static member variables. The class template definition is something around the following: template<> class Element<L2_t: public...
C / C++
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!