Skip to content

Commit

Permalink
pkg: Fix cgo CFLAGS for rngd
Browse files Browse the repository at this point in the history 
Go commit golang/go#23672 introduced a
whitelist ofr flags passed into gcc to prevent arbitrary code
execution (CVE-2018-6574). The x86 rngd code uses two CFLAGS
not on the whitelist. Add them to 'CGO_CFLAGS_ALLOW'.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
  • Loading branch information
@rn
rn committed Mar 24, 2018
1 parent 7459bd1 commit 998eaa7
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions pkg/rngd/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ FROM linuxkit/alpine:96ad1eb5ec262b4cd0eef574cdc0b225b502d9ee AS mirror
RUN apk add --no-cache go gcc musl-dev linux-headers
ENV GOPATH=/go PATH=$PATH:/go/bin

# see https://github.com/golang/go/issues/23672
ENV CGO_CFLAGS_ALLOW=(-mrdrnd|-mrdseed)

COPY cmd/rngd/ /go/src/rngd/
RUN REQUIRE_CGO=1 go-compile.sh /go/src/rngd

Expand Down

0 comments on commit 998eaa7

Please sign in to comment.