security_unix.go

     1  // Copyright 2023 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build unix
     6  
     7  package runtime
     8  
     9  import (
    10  	"internal/stringslite"
    11  )
    12  
    13  func secure() {
    14  	initSecureMode()
    15  
    16  	if !isSecureMode() {
    17  		return
    18  	}
    19  
    20  	// When secure mode is enabled, we do one thing: enforce specific
    21  	// environment variable values (currently we only force GOTRACEBACK=none)
    22  	//
    23  	// Other packages may also disable specific functionality when secure mode
    24  	// is enabled (determined by using linkname to call isSecureMode).
    25  
    26  	secureEnv()
    27  }
    28  
    29  func secureEnv() {
    30  	var hasTraceback bool
    31  	for i := 0; i < len(envs); i++ {
    32  		if stringslite.HasPrefix(envs[i], "GOTRACEBACK=") {
    33  			hasTraceback = true
    34  			envs[i] = "GOTRACEBACK=none"
    35  		}
    36  	}
    37  	if !hasTraceback {
    38  		envs = append(envs, "GOTRACEBACK=none")
    39  	}
    40  }
    41
View as plain text