Security vulnerability reported as backdoor when using the OpenSSL libcrypto.a library
My C code uses the libcrypto.a library to link to the compiled source code at the final stage for implementing the RSA algorithm.
When a vulnerability scan was done, it came back with a YARA signature match for the following:
YARA signature "ldpreload" classified file as "backdoor" based on indicators: "dlopen,dlsym,fopen,fopen64,__fxstat,accept,Accept,open,Open,OPEN,opendir,readdir"
This is because I use the libcrypto.a library from OpenSSL. I thought this is a widely used library for implementing crypto algorithms. How do I mitigate this issue? Should I try to get this whitelisted, as I was not able to find any other way of implementing RSA in C without having to use OpenSSL libraries?
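An added triage example, not part of the original question: it checks a binary's printable strings for the indicator names from the report and separates whole-string hits, which is how a symbol name appears in a string table, from hits that only occur inside longer strings. The `triage` and `printable_strings` helpers and the sample bytes are constructed for illustration; how the scanner's rule actually matches is not stated on the page.

```python
import re

# Indicator names copied from the scan report quoted in the question.
INDICATORS = ["dlopen", "dlsym", "fopen", "fopen64", "__fxstat", "accept",
              "Accept", "open", "Open", "OPEN", "opendir", "readdir"]


def printable_strings(blob: bytes, min_len: int = 4):
    """Return runs of printable ASCII, similar to the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def triage(blob: bytes):
    """Map each indicator to 'exact', 'embedded' or 'absent'.

    exact    - some string is the indicator itself (typical of a symbol name)
    embedded - it only occurs inside longer strings (weaker evidence)
    absent   - it does not occur in any printable string
    """
    strings = printable_strings(blob)
    result = {}
    for ind in INDICATORS:
        if ind in strings:
            result[ind] = "exact"
        elif any(ind in s for s in strings):
            result[ind] = "embedded"
        else:
            result[ind] = "absent"
    return result


# Constructed sample: NUL-separated strings shaped like an ELF string table.
# These bytes are made up for the example, not taken from libcrypto.a.
SAMPLE = b"\x00".join([
    b"\x7fELF", b"dlopen", b"dlsym", b"fopen64", b"opendir", b"readdir",
    b"accept", b"OPENSSL_demo", b"Open failed", b"Accept header",
]) + b"\x00"

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:10} {verdict}")
```

To check a real build, pass the file's bytes, for example `triage(open(path, "rb").read())`, where `path` is your own binary.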