go/src
Russ Cox 1dcb5836ad cmd/go: accept only limited compiler and linker flags in #cgo directives
Both gcc and clang accept an option -fplugin=code.so to load
a plugin from the ELF shared object file code.so.
Obviously that plugin can then do anything it wants
during the build. This is contrary to the goal of "go get"
never running untrusted code during the build.
(What happens if you choose to run the result of
the build is your responsibility.)

Disallow this behavior by only allowing a small set of
known command-line flags in #cgo CFLAGS directives
(and #cgo LDFLAGS, etc).

The new restrictions can be adjusted by the environment
variables CGO_CFLAGS_ALLOW, CGO_CFLAGS_DISALLOW,
and so on. See the documentation.

In addition to excluding cgo-defined flags, we also have to
make sure that when we pass file names on the command
line, they don't look like flags. So we now refuse to build
packages containing suspicious file names like -x.go.

A wrinkle in all this is that GNU binutils uniformly accept
@foo on the command line to mean "if the file foo exists,
then substitute its contents for @foo in the command line".
So we must also reject @x.go, flags and flag arguments
beginning with @, and so on.

Fixes #23672, CVE-2018-6574.

Change-Id: I59e7c1355155c335a5c5ae0d2cf8fa7aa313940a
Reviewed-on: https://team-review.git.corp.google.com/209949
Reviewed-by: Ian Lance Taylor <iant@google.com>
2018-02-07 15:35:57 +00:00
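The two checks the commit message describes (an anchored allowlist of known compiler flags, plus refusing file names and flag arguments that begin with "-" or "@"), as an added Go example. This is not cmd/go's own code: the allowlist patterns, SafeArg and CheckCFLAGS are simplified stand-ins written here for illustration, and the #cgo CFLAGS lines fed to them are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// SafeArg reports whether name can be placed on a C compiler or linker
// command line as a plain file name without being read as something else.
// A leading '-' looks like an option and a leading '@' is a GNU binutils
// response-file reference ("@foo" expands to the contents of foo), so both
// are rejected, as is the empty string. Illustrative stand-in, not cmd/go's.
func SafeArg(name string) bool {
	if name == "" {
		return false
	}
	c := name[0]
	return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' ||
		c == '.' || c == '_' || c == '/' || c >= utf8.RuneSelf
}

// allowedCFLAGS is a constructed, deliberately small allowlist. Every
// pattern is anchored at both ends so that "-fplugin=evil.so" cannot be
// accepted by sharing a prefix with "-fPIC". A real allowlist is longer.
var allowedCFLAGS = []*regexp.Regexp{
	regexp.MustCompile(`^-D([A-Za-z_][A-Za-z0-9_]*)(=.*)?$`),
	regexp.MustCompile(`^-I([^@\-].*)$`), // -Idir, but not -I-... or -I@file
	regexp.MustCompile(`^-O([0-3s]?)$`),
	regexp.MustCompile(`^-W(all|extra|error|no-[a-z0-9-]+)?$`),
	regexp.MustCompile(`^-f(PIC|pic|no-omit-frame-pointer|stack-protector(-all|-strong)?)$`),
	regexp.MustCompile(`^-g$`),
	regexp.MustCompile(`^-pthread$`),
	regexp.MustCompile(`^-std=(c|gnu)(99|11)$`),
}

// flagsWithSeparateArg lists allowed flags whose value may arrive as the
// next argument ("-I dir"). That value must itself pass SafeArg, otherwise
// "-I -fplugin=x.so" or "-I @resp" would smuggle an option through.
var flagsWithSeparateArg = map[string]bool{"-D": true, "-I": true}

// CheckCFLAGS validates one #cgo CFLAGS list and returns an error naming
// the first argument that is not on the allowlist.
func CheckCFLAGS(args []string) error {
	for i := 0; i < len(args); i++ {
		arg := args[i]
		if flagsWithSeparateArg[arg] {
			if i+1 >= len(args) {
				return fmt.Errorf("flag %q is missing its argument", arg)
			}
			if !SafeArg(args[i+1]) {
				return fmt.Errorf("argument %q of flag %q looks like a flag", args[i+1], arg)
			}
			i++
			continue
		}
		ok := false
		for _, re := range allowedCFLAGS {
			if re.MatchString(arg) {
				ok = true
				break
			}
		}
		if !ok {
			return fmt.Errorf("invalid flag in #cgo CFLAGS: %q", arg)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: one benign line, then the plugin load the commit
	// message describes, a response file via a separate argument, and a
	// linker passthrough that the small allowlist does not know.
	cases := [][]string{
		{"-I/usr/include/foo", "-DHAVE_BAR=1", "-O2", "-fPIC"},
		{"-fplugin=./payload.so"},
		{"-I", "@args.txt"},
		{"-Wl,--wrap=main"},
	}
	for _, c := range cases {
		fmt.Printf("%q: %v\n", strings.Join(c, " "), CheckCFLAGS(c))
	}
	for _, n := range []string{"main.go", "-x.go", "@x.go", "子.go"} {
		fmt.Printf("SafeArg(%q) = %v\n", n, SafeArg(n))
	}
}
```

The design point is that both checks are allowlists, not denylists: a flag is accepted only if it matches a full-string pattern, and a file name only if its first byte is one that no toolchain treats specially, so a new option spelling (or a new binutils convention) is rejected by default rather than needing to be anticipated.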
archive archive/zip: add test for Modified vs ModTime behavior 2017-12-01 00:22:21 +00:00
bufio bufio: Use maxConsecutiveEmptyReads instead of 100 2017-11-14 05:21:00 +00:00
builtin builtin: improve docs for make slice 2017-11-18 01:48:52 +00:00
bytes bytes: mention strings.Builder in Buffer.String docs 2017-11-30 01:46:50 +00:00
cmd cmd/go: accept only limited compiler and linker flags in #cgo directives 2018-02-07 15:35:57 +00:00
compress
container container/list: document nil values more 2018-01-08 18:06:27 +00:00
context
crypto crypto/x509: better document Verify's behaviour. 2018-01-18 14:43:29 +00:00
database/sql database/sql: buffers provided to Rows.Next should not be modified by drivers 2018-01-25 19:14:14 +00:00
debug debug/gosym: update docs for changes in Go 1.3 2017-11-30 22:49:27 +00:00
encoding encoding/gob: avoid race on idToType 2018-01-04 02:17:33 +00:00
errors
expvar
flag flag: clarify comment to avoid shell syntax confusion 2017-12-06 04:36:03 +00:00
fmt fmt: hide bad format in test from vet 2017-10-31 13:49:53 +00:00
go go/internal/gccgoimporter: remove old and exp gccgo packages in test 2018-02-02 20:06:07 +00:00
hash hash: add MarshalBinary/UnmarshalBinary round trip + golden test for all implementations 2017-12-06 07:45:46 +00:00
html html/template: check for duplicates when inserting escapers 2018-01-10 17:36:27 +00:00
image Revert "go/printer: forbid empty line before first comment in block" 2017-12-01 01:12:26 +00:00
index/suffixarray
internal cmd/trace: init goroutine info entries with GoCreate event 2017-12-20 23:04:21 +00:00
io io: eliminate full copy of copy loop in CopyN 2017-11-16 02:24:37 +00:00
log log: Remove unnecessary else 2017-10-25 05:02:37 +00:00
math math/rand: typo fixed in documentation of seedPos 2018-01-04 20:27:29 +00:00
mime all: unindent some if bodies by exiting early 2017-10-31 20:07:46 +00:00
net net: fix the kernel state name for TCP listen queue on FreeBSD 2018-02-02 00:04:20 +00:00
os os/signal: skip TestTerminalSignal if posix_openpt fails with EACCES 2018-01-31 00:50:06 +00:00
path
plugin plugin: document support for macOS 2017-12-12 00:59:50 +00:00
reflect reflect: fix doc nit 2018-01-09 21:48:16 +00:00
regexp Revert "go/printer: forbid empty line before first comment in block" 2017-12-01 01:12:26 +00:00
runtime runtime: restore RSB for sigpanic call on mips64x 2018-01-31 20:57:53 +00:00
sort sort: split post-Go1.4 code into its own file 2017-10-27 16:01:43 +00:00
strconv unicode: update to Unicode 10.0.0 2017-10-24 12:42:35 +00:00
strings strings: prevent copyCheck from forcing Builder to escape and allocate 2018-01-09 22:01:28 +00:00
sync sync: consistently use article "a" for RWMutex 2018-01-16 23:09:57 +00:00
syscall syscall: use SYS_GETDENTS64 on linux/mips64{,le} 2018-01-31 20:42:49 +00:00
testing cmd/go, testing: test names don't have to be alphanumeric 2018-01-04 01:52:55 +00:00
text text/template: revert CL 66410 "add break, continue actions in ranges" 2018-02-06 05:00:01 +00:00
time time: revert CL 78735 (was: space padding using underscore) 2018-01-03 20:50:44 +00:00
unicode Revert "go/printer: forbid empty line before first comment in block" 2017-12-01 01:12:26 +00:00
unsafe
vendor/golang_org/x vendor: update golang.org/x/net/nettest from upstream 2017-11-29 19:55:02 +00:00
all.bash
all.bat
all.rc
androidtest.bash misc,src: add support for specifying adb flags to the android harness 2018-01-20 21:13:30 +00:00
bootstrap.bash bootstrap.bash: only fetch git revision if we need it 2018-01-30 15:11:56 +00:00
buildall.bash
clean.bash
clean.bat
clean.rc
cmp.bash
iostest.bash
make.bash cmd/dist: fix bad LC_TIME assumption in 'date' invocation 2017-11-03 13:42:33 +00:00
make.bat build: quiet make.bash, make.bat, make.rc 2017-10-31 13:48:53 +00:00
Make.dist
make.rc build: quiet make.bash, make.bat, make.rc 2017-10-31 13:48:53 +00:00
naclmake.bash
nacltest.bash
race.bash
race.bat
run.bash
run.bat
run.rc