←back to thread

Compiler Options Hardening Guide for C and C++

(best.openssf.org)
232 points pjmlp | 1 comments | 31 Mar 25 11:01 UTC | HN request time: 0.213s | source
Show context
MITSardine ◴[31 Mar 25 12:52 UTC] No.43534439[source]
If my C++ project is a simple utility supposed to take some files, crunch numbers, and spit out results, is there still the possibility it can be used for nefarious purposes?
replies(4): >>43535127 #>>43535170 #>>43535744 #>>43542888 #
1. kibwen ◴[31 Mar 25 14:00 UTC] No.43535170[source]
It doesn't matter what the tool does, what matters is 1) whether it is ever exposed to untrusted input, 2) what permissions it has.

If you don't ever expose something to untrusted input, then you're probably fine. But be VERY careful, because you should defensively consider anything downloaded off the internet to be untrusted input.

As for permissions, if you run a tool inside of a sandbox inside of a virtual machine on an airgapped computer inside a Faraday cage six stories underground, then you're probably fine.