cmd/go: add -flat_namespace to LDFLAGS whitelist

[crawshaw]

The approximate macOS equivalent to linux's -Wl,--unresolved-symbols=ignore is -Wl,-undefined,suppress. It is whitelisted, but using it requires setting the linker flag -flat_namespace, which is not on the whitelist.

The Apple documentation reads:

-flat_namespace
            Alters how symbols are resolved at build time and runtime.  With
            -two_levelnamespace (the default), the linker only searches dylibs
            on the command line for symbols, and records in which dylib they
            were found.  With -flat_namespace, the linker searches all dylibs
            on the command line and all dylibs those original dylibs depend
            on.  The linker does not record which dylib an external symbol
            came from, so at runtime dyld again searches all images and uses
            the first definition it finds.  In addition, any undefines in
            loaded flat_namespace dylibs must be resolvable at build time.

I thought about it a bit and cannot see any way this can cause arbitrary code execution. Could it be included on the whitelist?

Thanks.

cc @ianlancetaylor

[crawshaw]

I would assign this the Go1.11 label as I would like to see it in the next release, but apparently I was removed from the go github organization. (Presumably some helpful shell script somewhere.)

[gopherbot]

Change https://golang.org/cl/121819 mentions this issue: cmd/go: add -flat_namespace to LDFLAGS whitelist

[mvdan]

@crawshaw I'm sure you'd be given full access to the issue tracker again if you filed an issue about it :) https://github.com/golang/go/wiki/GithubAccess

[FiloSottile]

By the way, this is a thing now: @gopherbot please label NeedsFix. But looks like you have access again.