Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http/pprof: assess and document security implications of the goroutines endpoint #46307

Open
FiloSottile opened this issue May 21, 2021 · 1 comment

Comments

@FiloSottile
Copy link
Contributor

@FiloSottile FiloSottile commented May 21, 2021

The net/http/pprof endpoints include stack traces with integer arguments, which can leak sensitive information depending on the settings. We should mention that in the docs.

@dmitshur dmitshur added this to the Backlog milestone May 21, 2021
@FiloSottile FiloSottile changed the title net/http/pprof: add note about security implications to the docs net/http/pprof: assess and document security implications of the goroutines endpoint Jun 10, 2021
@FiloSottile
Copy link
Contributor Author

@FiloSottile FiloSottile commented Jun 10, 2021

Maybe we should even hide the variables from the net/http/pprof output, or make them optional.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants