Closed
Description
For a few years, users have been reporting that libskylight.so, a compiled Rust binary, is triggering an Amazon "Application Security Best Practices" inspection with a "High" severity.
The issue is tracked on our tracker but we've not had great luck tracking down the source of the problem.
We're using Cargo to compile a staticlib, and then turning it into an so with a bit of postprocessing via gcc with these settings:
--shared -Wall -lrt -Wl,--gc-sections -Wl,--version-script ./skylight.map
We don't do anything special with stack-protector or nxcompat.
Our best guess at the moment is that the Rust compiled output is somehow tripping these alerts, but we don't have many leads.
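For an ELF shared object, the non-executable-stack marking lives in the PT_GNU_STACK program header, and stack-protector instrumentation leaves a reference to `__stack_chk_fail`. The sketch below is an added example, not part of the original issue or the Skylight build: it reports both properties for a `.so` so they can be checked before and after the gcc step. It assumes an ELF64 little-endian file, the symbol check is a byte-search heuristic, and `elf_hardening` and `_sample_elf` are hypothetical names.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def elf_hardening(data: bytes) -> dict:
    """Report NX-stack and stack-protector hints for an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    # ELF64 header: e_phoff at 0x20, e_phentsize at 0x36, e_phnum at 0x38
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    flags = None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            flags = p_flags
    return {
        # No PT_GNU_STACK means the loader default applies, so it is not reported as NX
        "has_gnu_stack": flags is not None,
        "nx_stack": flags is not None and not (flags & PF_X),
        # Heuristic: the canary failure handler's name appears in the string tables
        "stack_chk_ref": b"__stack_chk_fail\x00" in data,
    }

def _sample_elf(stack_flags: int, with_canary: bool) -> bytes:
    """Constructed ELF64 header plus one PT_GNU_STACK entry (not a loadable library)."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b"__stack_chk_fail\x00" if with_canary else b"")

if __name__ == "__main__":
    # Pass a path to a real .so, or run with no argument to use the constructed sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else _sample_elf(0x6, False)
    print(elf_hardening(data))
```

Running it on the library produced by the gcc step shows whether the linked output carries a read/write-only stack marking and whether any object pulled in a stack-protector reference.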