pkg: Fix cgo CFLAGS for rngd

Go commit https://github.com/golang/go/issues/23672 introduced a whitelist ofr flags passed into gcc to prevent arbitrary code execution (CVE-2018-6574). The x86 rngd code uses two CFLAGS not on the whitelist. Add them to 'CGO_CFLAGS_ALLOW'. Signed-off-by: Rolf Neugebauer <rolf.neugebauer@gmail.com>
2025-07-20 17:49:10 +00:00 · 2018-03-24 09:19:40 +00:00 · 2018-03-24 09:19:40 +00:00 · 998eaa7dad
commit 998eaa7dad
parent 7459bd1546
1 changed files with 3 additions and 0 deletions
--- a/pkg/rngd/Dockerfile
+++ b/pkg/rngd/Dockerfile
@ -3,6 +3,9 @@ FROM linuxkit/alpine:96ad1eb5ec262b4cd0eef574cdc0b225b502d9ee AS mirror
 RUN apk add --no-cache go gcc musl-dev linux-headers
 ENV GOPATH=/go PATH=$PATH:/go/bin

+# see https://github.com/golang/go/issues/23672
+ENV CGO_CFLAGS_ALLOW=(-mrdrnd|-mrdseed)
+
 COPY cmd/rngd/ /go/src/rngd/
 RUN REQUIRE_CGO=1 go-compile.sh /go/src/rngd