Skip to content

Amazon "Application Security Best Practices" Alert Firing #47345

Closed
@wycats

Description

@wycats

For a few years, users have been reporting that libskylight.so, a compiled Rust binary, is triggering an Amazon "Application Security Best Practices" inspection with a "High" severity.

The issue is tracked on our tracker but we've not had great luck tracking down the source of the problem.

We're using Cargo to compile a staticlib, and then turning it into an so with a bit of postprocessing via gcc with these settings:

--shared -Wall -lrt -Wl,--gc-sections -Wl,--version-script ./skylight.map

We don't do anything special with stack-protector or nxcompat.

Our best guess at the moment is that the Rust compiled output is somehow tripping these alerts, but we don't have many leads.

Metadata

Metadata

Assignees

No one assigned

    Labels

    C-enhancementCategory: An issue proposing an enhancement or a PR with one.T-compilerRelevant to the compiler team, which will review and decide on the PR/issue.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions