Comments (3)
Hi,
Some of the hardening options require the use of cgo. Telegraf builds are static binaries and do not use cgo today. This is not something we would change.
Any changes would be done in a new minor release and not a bug fix release as well.
@jdstrand pointed out that PIE has potential for performance impact depending on arch (see https://wiki.ubuntu.com/Security/Features#Built_as_PIE). We would probably want this enabled only in amd64, arm64, s390x, riscv64, ppc64el builds. Additionally, we would want to do some testing of sorts to ensure we do not greatly regress performance, particularly in the parsers.
The other changes would generally require the use of CGO to pass flags to the C compiler.
As a result, I think the change required then is to add GOFLAGS="-buildmode=pie" to the specific architectures listed above. That would enable PIE and RELRO would report as partial.
from telegraf.
-buildmode=pie requires external (cgo) linking, but cgo is not enabled
Apparently, PIE requires cgo as well... in which case I'm not sure we would enable any of these. This led me to golang/go#64875 which seems to have been a recent change and this list of supported PIE OS+Arch combos.
from telegraf.
I am going to close this as something we won't change. Because we do not use cgo and do not wish to turn it on, then it doesn't make sense to enable anything further. If I am mistaken then feel free to comment or even put up a PR with a fix/change.
Thanks!
from telegraf.
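A way to verify the two properties discussed in this thread (PIE and RELRO) on any built ELF binary, as an added example that is not part of the original comments or of Telegraf's code. The `Inspect` function and its return values are assumptions for illustration; it needs Go 1.21 or later for `DynValue`.

```go
package main

import (
	"debug/elf"
	"fmt"
	"io"
	"log"
	"os"
)

// Inspect reports whether the ELF read via r is position independent (type
// ET_DYN, also true of shared objects) and its RELRO level: none/partial/full.
func Inspect(r io.ReaderAt) (pie bool, relro string, err error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return false, "", err
	}
	pie, relro = f.Type == elf.ET_DYN, "none"
	for _, p := range f.Progs {
		if p.Type == elf.PT_GNU_RELRO { // segment made read-only after relocation
			relro = "partial"
		}
	}
	// Full RELRO also needs eager binding so the whole GOT can be read-only.
	now, _ := f.DynValue(elf.DT_BIND_NOW)
	fl, _ := f.DynValue(elf.DT_FLAGS)
	fl1, _ := f.DynValue(elf.DT_FLAGS_1)
	eager := len(now) > 0 ||
		(len(fl) > 0 && elf.DynFlag(fl[0])&elf.DF_BIND_NOW != 0) ||
		(len(fl1) > 0 && elf.DynFlag1(fl1[0])&elf.DF_1_NOW != 0)
	if relro == "partial" && eager {
		relro = "full"
	}
	return pie, relro, nil
}

func main() {
	path, _ := os.Executable() // no argument: inspect this program itself
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	fh, err := os.Open(path)
	if err != nil {
		log.Fatal(err)
	}
	defer fh.Close()
	pie, relro, err := Inspect(fh)
	fmt.Printf("%s: PIE=%t RELRO=%q err=%v\n", path, pie, relro, err)
}
```

Running it against a release binary before and after a build-flag change shows whether the flag had any effect on the shipped artifact.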