area/securitydesign proposalhelp wanted
Métricas do repositório
- Stars
- (27.997 stars)
- Métricas de merge de PR
- (Mesclagem média 8d) (378 fundiu PRs em 30d)
Description
This issue continues from https://github.com/envoyproxy/envoy/issues/5348 and tracks the security specific concerns in a "secure Envoy" build. Ideas that we have heard about so far include:
- Conservative defaults for all buffer sizes and timeouts in the configuration.
- A
SECURITY_ASSERTmacro that might promote some extantASSERTtoRELEASE_ASSERT. - Additional data structure and data plane payload integrity checks.
- Restricting allowed extensions to those tagged as valid for untrusted downstream/upstreams (see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions)
- Build with Scudo allocator (https://github.com/envoyproxy/envoy/issues/9365)
-fstack-protector-all-fstack-clash-protection- https://clang.llvm.org/docs/ControlFlowIntegrity.html
- Anything else in https://wiki.debian.org/Hardening
- Enabling
ABSL_HARDENING_ASSERT
Please propose others.