Comments (1)
Go is designed to be a memory-safe programming language. Memory safety refers to a language's ability to prevent certain classes of memory-related errors, such as buffer overflows, null pointer dereferences, and memory leaks. Go achieves memory safety through several language features and design choices:
- Garbage Collection: Go uses automatic garbage collection to manage memory, meaning the language runtime automatically handles memory allocation and deallocation. This helps prevent common memory-related bugs like memory leaks.
- Slices and Bounds Checking: Go's slices are bounds-checked, meaning the runtime checks array/slice accesses to ensure they stay within the bounds of the underlying memory. This helps prevent buffer overflows and related vulnerabilities.
- Strong Typing: Go is statically typed, and its type system helps catch many memory-related errors at compile-time.
- Pointers and Safety: While Go allows the use of pointers, it restricts direct memory manipulation and provides some safety measures like nil pointer checks.
However, it's important to note that no programming language can guarantee absolute memory safety. Developers must still be mindful of their code, write safe and secure practices, and follow best practices to minimize potential memory-related issues.
In Go code, the memory safety guarantees can be circumvented by the use of the `unsafe` package, which permits arbitrary memory access and can lose type safety.
As a security critical software component, go-rosenpass does not make use of the `unsafe` package.
See also
- https://www.memorysafety.org/docs/memory-safety
- NSA's Cybersecurity Information Sheet about Software Memory Safety
Future improvements
- Add CI checks to check against usage of `unsafe` package (see #58).
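One way the CI check listed under future improvements could detect `unsafe` usage, as an added example that is not go-rosenpass code: it parses import declarations with the standard `go/parser` package, so aliased, blank and raw-string imports are caught as well. `Finding`, `FindUnsafeImports` and the sample sources are hypothetical names and constructed inputs.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// Finding is one import of package unsafe; Alias is "" for a plain import.
type Finding struct {
	File, Alias string
	Line        int
}

// FindUnsafeImports parses only the import section of src and reports imports of
// "unsafe". A parse failure is returned as an error so the check fails closed.
func FindUnsafeImports(name, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, name, src, parser.ImportsOnly)
	if err != nil {
		return nil, fmt.Errorf("parse %s: %w", name, err)
	}
	var out []Finding
	for _, imp := range f.Imports {
		if path, err := strconv.Unquote(imp.Path.Value); err != nil || path != "unsafe" {
			continue
		}
		fnd := Finding{File: name, Line: fset.Position(imp.Path.Pos()).Line}
		if imp.Name != nil {
			fnd.Alias = imp.Name.Name // "_" for a blank import, otherwise the rename
		}
		out = append(out, fnd)
	}
	return out, nil
}

// Constructed sample sources (not files from go-rosenpass).
var sample = [][2]string{
	{"clean.go", "package p\n\nimport \"fmt\"\n"},
	{"aliased.go", "package p\n\nimport (\n\t\"fmt\"\n\tu \"unsafe\"\n)\n"},
	{"blank.go", "package p\n\nimport _ \"unsafe\"\n"},
}

func main() {
	for _, s := range sample {
		// A CI job would exit non-zero on any finding or error.
		fmt.Println(FindUnsafeImports(s[0], s[1]))
	}
}
```

The check covers only the files it is given; `unsafe` used inside third-party dependencies is outside its view.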