Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardening binary & shared library #280

Open
grawlinson opened this issue Apr 4, 2022 · 2 comments
Open

Hardening binary & shared library #280

grawlinson opened this issue Apr 4, 2022 · 2 comments
Assignees
@patrickdevivo

Comments

@grawlinson
Copy link

I'm one of the package maintainers for Arch Linux and I also maintain a few packages on the AUR, which mergestat can be found on.

Just wondering if there's any interest in RELRO/PIE being applied to the binary & shared library?

I generally try and apply these to all the Go-related packages that I maintain due to our Go package guidelines. I've found that mergestat seems to be working fine with these applied, as per this commit.
@patrickdevivo
Copy link
Contributor

Hi @grawlinson thanks for reaching out! Yes - we do have interest in applying RELRO/PIE to the binary and shared library, thank you for sharing the background for those as well. It looks like line 57 in the linked commit there is the key bit? I will look into adding those flags to our Makefile and open a PR shortly

@patrickdevivo patrickdevivo self-assigned this Apr 4, 2022
@grawlinson
Copy link
Author

There’s a few parameters that need to be added to LDFLAGS, I’ll have a look at them and get back to you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@patrickdevivo patrickdevivo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@patrickdevivo @grawlinson