Diffstat (limited to 'security-blueprint/part-4/1-General.md')
-rw-r--r-- security-blueprint/part-4/1-General.md | 16
1 files changed, 16 insertions, 0 deletions
diff --git a/security-blueprint/part-4/1-General.md b/security-blueprint/part-4/1-General.md
index 6f951db..2811514 100644
--- a/security-blueprint/part-4/1-General.md
+++ b/security-blueprint/part-4/1-General.md
@@ -187,6 +187,14 @@ Kernel-General-Drivers-3 | Other `hotplug` bus | _Disabled_
## Position Independent Executables
+<!-- todo -->
+
+Domain | Improvement
+-------------------------------- | -----------------------------
+Kernel-General-IndependentExec-1 | Kernel or/and platform part ?
+
+<!-- endtodo -->
+
<!-- config -->
Domain | `compiler` and `linker` options | _State_
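Review bot: The todo row `Kernel-General-IndependentExec-1 | Kernel or/and platform part ?` does not state the open question clearly enough for someone else to act on it. The config table directly below lists `compiler` and `linker` options, so the doubt is presumably whether this section belongs in the kernel part at all. Suggest spelling that out, for example "Decide whether this section belongs in the kernel part or the platform part", and using "and/or" with no space before the question mark if the short form is kept.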
@@ -220,6 +228,14 @@ During program load, all dynamic symbols are resolved, allowing for the complete
## Library linking
+<!-- todo -->
+
+Domain | Improvement
+------------------------------- | ---------------
+Kernel-General-LibraryLinking-1 | Keep this part?
+
+<!-- endtodo -->
+
It is recommended that dynamic linking should generally not be allowed. This will avoid the user from replacing a library with malicious library. All libraries should be linked statically, but this is difficult to implement.
<!-- config -->
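Review bot: The todo row `Kernel-General-LibraryLinking-1 | Keep this part?` gives no reason for the doubt, so a later reader cannot tell what would settle it. The paragraph that follows recommends linking all libraries statically and then says this is difficult to implement; if that tension is why the section might be dropped, the Improvement cell should say so. It would also help to note who decides, since the `<!-- todo -->` block carries no owner or reference.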