diff options
Diffstat (limited to 'src/cmd/cgo/doc.go')
-rw-r--r-- | src/cmd/cgo/doc.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/cmd/cgo/doc.go b/src/cmd/cgo/doc.go index b2388829a8..dbb399bb49 100644 --- a/src/cmd/cgo/doc.go +++ b/src/cmd/cgo/doc.go @@ -55,11 +55,21 @@ For example: The default pkg-config tool may be changed by setting the PKG_CONFIG environment variable. +For security reasons, only a limited set of flags are allowed, notably -D, -I, and -l. +To allow additional flags, set CGO_CFLAGS_ALLOW to a regular expression +matching the new flags. To disallow flags that would otherwise be allowed, +set CGO_CFLAGS_DISALLOW to a regular expression matching arguments +that must be disallowed. In both cases the regular expression must match +a full argument: to allow -mfoo=bar, use CGO_CFLAGS_ALLOW='-mfoo.*', +not just CGO_CFLAGS_ALLOW='-mfoo'. Similarly named variables control +the allowed CPPFLAGS, CXXFLAGS, FFLAGS, and LDFLAGS. + When building, the CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS and CGO_LDFLAGS environment variables are added to the flags derived from these directives. Package-specific flags should be set using the directives, not the environment variables, so that builds work in -unmodified environments. +unmodified environments. Flags obtained from environment variables +are not subject to the security limitations described above. All the cgo CPPFLAGS and CFLAGS directives in a package are concatenated and used to compile C files in that package. All the CPPFLAGS and CXXFLAGS |