On Tuesday, August 23, 2022 at 8:47:11 PM UTC+2 Ian Lance Taylor wrote:

> On Tue, Aug 23, 2022 at 9:29 AM Robert Engels <ren...@ix.netcom.com> 
> wrote: 
> > 
> > I did not read the analysis - just the thread here and earlier threads
> > on this subject. My understanding is that even though Go is statically linked
> > the loader does relocations that confuse virus scanners.
>
> I'm not sure precisely what you mean, but I don't think that's 
> accurate. There is no Go loader. The statically linked binary 
> produced for a pure Go executable has no run-time relocations at all. 
>
> My assumption--and it is just an assumption--is roughly the reverse: 
> because pure Go programs are statically linked, and because the symbol 
> table does not use the same names as a default C symbol table, a virus 
> scanner has a harder time seeing which system calls are being used. 
> Of course the same would be true for a statically linked C program, 
> but perhaps malware writers tend to steer clear of those. 
>
> Obviously anything that Go is doing can also be done in C, but the 
> malware authors do have to work a bit harder to do that. 
>
> Ian 
>

That's why you need to follow the defense in depth strategy. That's the 
reason for having things like seccomp (for syscall filtering), LSMs like 
AppArmor and SELinux (MACs), ... however, these are no silver bullets and 
actually either cause a false sense of security (especially AppArmor when 
it comes to not only Linux container technology using mount namespaces) or 
can easily grind your system to a total halt, like messing up your SELinux 
labels, preferably by your favorite long-term (in)stable Linux distribution 
not understanding the importance of certain file system tools in correctly 
handling extended file attributes containing SELinux labels. You need a 
great deal of deep understanding to operate them correctly and to achieve 
more than just the superfluous token security that your vendor delivers.

When an InfoSec starts to argue about Go (C, C++, JavaScript, ...) being 
unsafe, that enterprise has the worst enemy it can get: its own InfoSec. 
They have drunk deep from the well of Security Vendor Kool-Aid.
