From f6ad4dcef54c5ce997a4bad5a6d86de229015700 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 16 Apr 2024 21:25:22 +0200
Subject: Adding upstream version 1.22.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/runtime/security_unix.go | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 src/runtime/security_unix.go

(limited to 'src/runtime/security_unix.go')

diff --git a/src/runtime/security_unix.go b/src/runtime/security_unix.go
new file mode 100644
index 0000000..fa54090
--- /dev/null
+++ b/src/runtime/security_unix.go
@@ -0,0 +1,36 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix
+
+package runtime
+
+func secure() {
+	initSecureMode()
+
+	if !isSecureMode() {
+		return
+	}
+
+	// When secure mode is enabled, we do one thing: enforce specific
+	// environment variable values (currently we only force GOTRACEBACK=none)
+	//
+	// Other packages may also disable specific functionality when secure mode
+	// is enabled (determined by using linkname to call isSecureMode).
+
+	secureEnv()
+}
+
+func secureEnv() {
+	var hasTraceback bool
+	for i := 0; i < len(envs); i++ {
+		if hasPrefix(envs[i], "GOTRACEBACK=") {
+			hasTraceback = true
+			envs[i] = "GOTRACEBACK=none"
+		}
+	}
+	if !hasTraceback {
+		envs = append(envs, "GOTRACEBACK=none")
+	}
+}
-- 
cgit v1.2.3