stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
92536208334f3663fff4a850b39823cf7b31f9a8
git.stella-ops.org/docs/modules/scanner/operations/entrypoint-lang-ccpp.md
master 8da4e12a90 Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00

1.3 KiB
Raw Blame History

Entry-Point Runtime — C / C++

Signals to gather

  • Dynamically linked ELF (.dynamic) with GLIBC references (GLIBC, GLIBCXX, libstdc++).
  • Presence of /lib64/ld-linux-*.so.* loaders.
  • Absence of Go/Rust-specific markers.
  • Native supervisor binaries (nginx, envoy, custom C services).
  • Config files adjacent to the binary (/etc/app.conf, YAML/INI).

Implementation notes

  • Treat this detector as the "native fallback": confirm no higher-priority language matched.
  • Collect shared library list to attach as evidence; highlight unusual dependencies.
  • Inspect EXPOSE ports and config directories to aid classification.
  • Normalise busybox-style symlinks (actual binary often /bin/busybox with applet name).

Evidence & scoring

  • Boost for ELF dynamic dependencies and loader presence.
  • Add evidence for config files, service managers, or env variables.
  • Penalise extremely small binaries without metadata (may be wrappers).

Edge cases

  • Static C binaries may look like Go; rely on build ID absence and library fingerprints.
  • When binary is part of a supervisor stack (e.g., s6-svscan), delegate classification to Supervisor.
  • Windows native services should be handled by PE analysis (entrypoint-runtime-overview.md).