area/securitydesign proposalhelp wanted
Repository-Metriken
- Stars
- (27.997 Stars)
- PR-Merge-Metriken
- (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)
Beschreibung
This issue continues from https://github.com/envoyproxy/envoy/issues/5348 and tracks the security specific concerns in a "secure Envoy" build. Ideas that we have heard about so far include:
- Conservative defaults for all buffer sizes and timeouts in the configuration.
- A
SECURITY_ASSERTmacro that might promote some extantASSERTtoRELEASE_ASSERT. - Additional data structure and data plane payload integrity checks.
- Restricting allowed extensions to those tagged as valid for untrusted downstream/upstreams (see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions)
- Build with Scudo allocator (https://github.com/envoyproxy/envoy/issues/9365)
-fstack-protector-all-fstack-clash-protection- https://clang.llvm.org/docs/ControlFlowIntegrity.html
- Anything else in https://wiki.debian.org/Hardening
- Enabling
ABSL_HARDENING_ASSERT
Please propose others.