area/securitydesign proposalhelp wanted
倉庫指標
- Star
- (27,997 star)
- PR 合併指標
- (平均合併 8天) (30 天內合併 378 個 PR)
描述
This issue continues from https://github.com/envoyproxy/envoy/issues/5348 and tracks the security specific concerns in a "secure Envoy" build. Ideas that we have heard about so far include:
- Conservative defaults for all buffer sizes and timeouts in the configuration.
- A
SECURITY_ASSERTmacro that might promote some extantASSERTtoRELEASE_ASSERT. - Additional data structure and data plane payload integrity checks.
- Restricting allowed extensions to those tagged as valid for untrusted downstream/upstreams (see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions)
- Build with Scudo allocator (https://github.com/envoyproxy/envoy/issues/9365)
-fstack-protector-all-fstack-clash-protection- https://clang.llvm.org/docs/ControlFlowIntegrity.html
- Anything else in https://wiki.debian.org/Hardening
- Enabling
ABSL_HARDENING_ASSERT
Please propose others.