// Copyright 2023 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.//go:build unixpackage runtimefunc () {initSecureMode()if !isSecureMode() {return }// When secure mode is enabled, we do two things: // 1. ensure the file descriptors 0, 1, and 2 are open, and if not open them, // pointing at /dev/null (or fail) // 2. enforce specific environment variable values (currently we only force // GOTRACEBACK=none) // // Other packages may also disable specific functionality when secure mode // is enabled (determined by using linkname to call isSecureMode). // // NOTE: we may eventually want to enforce (1) regardless of whether secure // mode is enabled or not.secureFDs()secureEnv()}func () {varboolfor := 0; < len(envs); ++ {ifhasPrefix(envs[], "GOTRACEBACK=") { = trueenvs[] = "GOTRACEBACK=none" } }if ! {envs = append(envs, "GOTRACEBACK=none") }}func () {const (// F_GETFD and EBADF are standard across all unixes, define // them here rather than in each of the OS specific files = 0x01 = 0x09 ) := []byte("/dev/null\x00")for := 0; < 3; ++ { , := fcntl(int32(), , 0)if >= 0 {continue }if != {print("runtime: unexpected error while checking standard file descriptor ", , ", errno=", , "\n")throw("cannot secure fds") }if := open(&[0], 2/* O_RDWR */, 0); < 0 {print("runtime: standard file descriptor ", , " closed, unable to open /dev/null, errno=", , "\n")throw("cannot secure fds") } elseif != int32() {print("runtime: opened unexpected file descriptor ", , " when attempting to open ", , "\n")throw("cannot secure fds") } }}