Questions tagged [library]

A library is a collection of software routines made available to other programs through a well-documented interface.

A library is a collection of software routines and resources that other programs running on the same machine can use. Libraries may be distributed as pre-compiled binary code (a shared object, DLL, or static archive) or as source code, and each version of a library comes with a documented interface.

The difference between a library and a service is that a service runs as its own process, independently of its clients, and waits for requests to arrive over a network connection or other IPC channel. A library does not normally execute on its own: its routines are loaded into the calling program's address space and run in that program's context, with that program's privileges. This is why a vulnerable or malicious library compromises every program that loads it, and why the questions under this tag tend to be about trusting, vetting, and pinning third-party code.

39 questions
1
vote
1 answer

Malicious .so Library creation in CVE-2017-7494 Sambacry

I'm trying to understand the whole process behind the Sambacry exploit. The problem is that I'm having a little trouble understanding how you create the malicious .so library to be loaded by the exploit. I tried several techniques and they don't…
oscillat0r
1
vote
2 answers

Disclosing used Libraries in App

A colleague and I were discussing the fact that, due to licensing, we need to disclose a couple of libraries we used in the development of an Android app we make. I said that from a security standpoint it would probably be better to disclose the bare…
Black Magic
1
vote
0 answers

How can I protect against cross-build injection and other dependency management threats in Play Framework?

I am using Play Framework's built-in dependency management to download a library (HTMLUnit). To do this I add the dependency to the build.sbt file like so: libraryDependencies += "net.sourceforge.htmlunit" % "htmlunit" % "2.20" The dependency is…
DominoSug
0
votes
2 answers

What should be a good Open Source dependency scanning frequency?

We use Snyk as our open source dependency scanner. We currently scan for vulnerable libraries on every pull request and this causes overhead to our developers. What would be a good open source vulnerability scanning frequency? Should it be weekly,…
parag
0
votes
2 answers

Is there any such thing as an independent code vetting project which works for free to vet open source projects?

I'm sure I'm not the only one who is scared to death to blindly trust random strangers with all my data. Which is the case in practice if, for example, I'm to use this library right now, which I'm about to: https://github.com/jfcherng/php-diff It is…
0
votes
1 answer

Am I missing something in regards to using third-party PHP libraries?

I "minimally trust" the PHP and PostgreSQL projects to provide non-compromised binaries of their respective programs, which I both depend on. This means that I trust them in the sense that I have no real choice but to trust them. However, I have…
0
votes
1 answer

Why does the LD_PRELOAD exploit call unsetenv(LD_PRELOAD)?

Why, to exploit LD_PRELOAD as shown here https://touhidshaikh.com/blog/?p=827, is the first instruction in the .c file unsetenv(LD_PRELOAD)? Is it a routine action that all shared libraries do? Or what? I've tried to run the exploit without…
Maicake
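The mechanism behind that question, as an added illustration that is not the code from the linked post or the asker's own: a process started with LD_PRELOAD in its environment has the listed shared object mapped first and its constructors run. Any child that process spawns inherits the same environment, so the child also preloads the object and runs the constructor again. If the constructor is the thing doing the spawning, that recursion never ends. Clearing the variable before spawning anything breaks the loop and keeps the object out of unrelated children. The function names here are my own, and the LD_PRELOAD value in main() is a constructed, nonexistent path; the loader warns about it and carries on, which is enough to show inheritance.

```c
/* Added example: why an LD_PRELOAD payload clears LD_PRELOAD first.
 * Function names and the sample path are assumptions for this demo. */
#include <stdio.h>
#include <stdlib.h>

/* Remove LD_PRELOAD from this process's environment so that children
 * spawned from here on do not inherit it.
 * Returns 1 if the variable was set (and is now cleared), 0 if absent. */
int clear_ld_preload(void)
{
    if (getenv("LD_PRELOAD") == NULL)
        return 0;
    unsetenv("LD_PRELOAD");
    return 1;
}

/* Returns 1 if a child spawned right now would see LD_PRELOAD in its
 * environment, 0 otherwise. The check runs in a real child (/bin/sh via
 * system()), because inheritance of the environment is the whole point.
 * ld.so may print "cannot be preloaded ... ignored" for a bogus path;
 * that warning is harmless here. */
int child_inherits_ld_preload(void)
{
    int status = system("test -n \"$LD_PRELOAD\"");
    return status == 0;
}

/* When this file is built as a shared object and preloaded, this runs
 * before the target's main(). Doing the unsetenv() here, before anything
 * else, is the "first instruction" the question asks about. */
__attribute__((constructor))
static void on_load(void)
{
    clear_ld_preload();
}

int main(void)
{
    /* Constructed value: simulate being started with LD_PRELOAD set. */
    setenv("LD_PRELOAD", "/nonexistent/payload.so", 1);
    printf("before unsetenv: child inherits LD_PRELOAD = %d\n",
           child_inherits_ld_preload());
    clear_ld_preload();
    printf("after  unsetenv: child inherits LD_PRELOAD = %d\n",
           child_inherits_ld_preload());
    return 0;
}
```

Build it as a normal executable to see the two lines above, or with `-shared -fPIC` to get a preloadable object whose constructor does the clearing. Note that the dynamic loader ignores LD_PRELOAD for setuid programs unless the object comes from a trusted directory, so this trick only pays off where a privileged program is deliberately allowed to inherit the variable, for example through a permissive sudo env_keep setting.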
0
votes
1 answer

Vulnerability in Composer/MeekroDB WhereClauseTest.php?

I have a development webserver for which the domain is not published or used (legitimately) by anyone other than me. However, I'm seeing hits in my access and error log for the following file from unknown IP…
Ryan Griggs
-2
votes
2 answers

What to do when you simply cannot trust anyone or anything anymore?

I've found this PHP library for detecting/guessing the language of a given string: https://github.com/patrickschur/language-detection I would have massive use of this. I would really like to use it. But I cannot. All I can think is this: What if,…
Oman