Support go compiler flags for address sanitization and spectre mitigations #4591

bnevis-i · 2023-06-07T16:14:25Z

🚀 Feature Request

All golang components.

A number of new security flags have been added to golang that should be integrated into our makefiles.

For binaries that interact with legacy C libraries, we should enable address sanitization, -msan -asan :
golang/go#44853

There are also flags to mitigate against speculative execution attacks, -spectre=index,ret
https://zchee.github.io/golang-wiki/Spectre/

Potentially, can do this:
GOFLAGS=-trimpath -mod=readonly -asmflags=all="-spectre=all" -gcflags=all="-spectre=all" -ldflags="-s -w"

The text was updated successfully, but these errors were encountered:

bnevis-i added enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc labels Jun 7, 2023

bnevis-i added this to New Issues in Security WG via automation Jun 7, 2023

bnevis-i moved this from New Issues to Icebox in Security WG Jun 7, 2023

lenny-goodell added the 1-low priority denoting isolated changes label Jan 8, 2024