area/securitydesign proposalhelp wanted
Metriche repository
- Star
- (27.997 star)
- Metriche merge PR
- (Merge medio 8g) (378 PR mergiate in 30 g)
Descrizione
This issue continues from https://github.com/envoyproxy/envoy/issues/5348 and tracks the security specific concerns in a "secure Envoy" build. Ideas that we have heard about so far include:
- Conservative defaults for all buffer sizes and timeouts in the configuration.
- A
SECURITY_ASSERTmacro that might promote some extantASSERTtoRELEASE_ASSERT. - Additional data structure and data plane payload integrity checks.
- Restricting allowed extensions to those tagged as valid for untrusted downstream/upstreams (see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions)
- Build with Scudo allocator (https://github.com/envoyproxy/envoy/issues/9365)
-fstack-protector-all-fstack-clash-protection- https://clang.llvm.org/docs/ControlFlowIntegrity.html
- Anything else in https://wiki.debian.org/Hardening
- Enabling
ABSL_HARDENING_ASSERT
Please propose others.