|
|
|
|
|
|
by markisus
764 days ago
|
|
|
In the hypothetical above, you won’t have any way to know which libraries are actually being used unless you read through the source code. Many libraries will transitively include protobuf, but most functions will not call protobuf. |
|
|
And, even though you might not see a way to call into the unused code, an attacker might find a way (XZ Utils).