Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support go compiler flags for address sanitization and spectre mitigations #4591

Open
bnevis-i opened this issue Jun 7, 2023 · 0 comments
Open

Support go compiler flags for address sanitization and spectre mitigations #4591

bnevis-i opened this issue Jun 7, 2023 · 0 comments
Labels
1-low priority denoting isolated changes enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc

Comments

@bnevis-i
Copy link
Collaborator

bnevis-i commented Jun 7, 2023
edited
Loading

🚀 Feature Request

Relevant Package [REQUIRED]

All golang components.

Description [REQUIRED]

A number of new security flags have been added to golang that should be integrated into our makefiles.

For binaries that interact with legacy C libraries, we should enable address sanitization, -msan -asan :
golang/go#44853

There are also flags to mitigate against speculative execution attacks, -spectre=index,ret
https://zchee.github.io/golang-wiki/Spectre/

Potentially, can do this:
GOFLAGS=-trimpath -mod=readonly -asmflags=all="-spectre=all" -gcflags=all="-spectre=all" -ldflags="-s -w"
@bnevis-i bnevis-i added enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc labels Jun 7, 2023
@lenny-goodell lenny-goodell added the 1-low priority denoting isolated changes label Jan 8, 2024
@github-project-automation github-project-automation bot moved this to New Issues in Technical WG Jul 30, 2024
@jumpingliu jumpingliu moved this from New Issues to Icebox in Technical WG Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1-low priority denoting isolated changes enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc
Projects
Technical WG
Status: Icebox
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bnevis-i @lenny-goodell