area/securitydesign proposalhelp wanted
仓库指标
- Star
- (27,997 star)
- PR 合并指标
- (平均合并 8天) (30 天内合并 378 个 PR)
描述
This issue continues from https://github.com/envoyproxy/envoy/issues/5348 and tracks the security specific concerns in a "secure Envoy" build. Ideas that we have heard about so far include:
- Conservative defaults for all buffer sizes and timeouts in the configuration.
- A
SECURITY_ASSERTmacro that might promote some extantASSERTtoRELEASE_ASSERT. - Additional data structure and data plane payload integrity checks.
- Restricting allowed extensions to those tagged as valid for untrusted downstream/upstreams (see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/threat_model#core-and-extensions)
- Build with Scudo allocator (https://github.com/envoyproxy/envoy/issues/9365)
-fstack-protector-all-fstack-clash-protection- https://clang.llvm.org/docs/ControlFlowIntegrity.html
- Anything else in https://wiki.debian.org/Hardening
- Enabling
ABSL_HARDENING_ASSERT
Please propose others.