This is a feature request for an additional flag for compilation to create a sanitized
or hardened binary.
This binary could include a number of features, espescially including:
- fake paths (ala /go/root/<pkgname> instead of the real filename)
- doesn't have stack tracing on panic
- doesn't print faulting instruction, address on segfault
The existing pack tool allows you to strip prefixes from paths, but there's no option to
pass that through the go build tool chain. Furthermore, this doesn't disable printing
stack traces, etc.
The text was updated successfully, but these errors were encountered:
The "fake paths" one would be nice. Reading traces that contain filenames like
/var/lib/jenkins/jobs/go/workspace/go/src/pkg/foo/bar.go is quite hard. In this
particular case you could setup a custom workspace to build under /go, but as soon as
you have people producing builds of other stuff in their home directories, you have the
I tried to create a temp build dir in /tmp/build with /tmp/build/src symlinked to
$GOPATH/src, but the full filenames were still included (I guess it did an path.Clean or
equivalent). The solution I'm currently adopting is to just deep copy into the
/tmp/build before compiling my production binary, but that is quite unsatisfactory.
A workaround for fake path, move your pkgs under $GOROOT/src/pkg/, and set
then rerun all.bash and then rebuild your application. (Remember always point $GOROOT to
Note that cmd/go by default normalize (path/filepath.EvalSymlinks) your path, so
symlinks won't work.
The other two points are also easy to achieve, but you need to patch runtime.
We spend most of our time making programs more debuggable, not less. Doing this would require adding complexity to the runtime, compiler, linker, all things that are too complex already, and then carrying around those diffs, for no real benefit. Sorry, but no.
Note that whatever flag we add to go build for #16860 will probably make file paths start with just the import path (strings/x.go instead of /home/you/go/src/strings/x.go), so at least the prefix leaking concern will be addressed.