
Hardening binary & shared library

Open grawlinson opened this issue 2 years ago • 2 comments

I'm one of the package maintainers for Arch Linux and I also maintain a few packages on the AUR, which mergestat can be found on.

Just wondering if there's any interest in RELRO/PIE being applied to the binary & shared library?

I generally try and apply these to all the Go-related packages that I maintain due to our Go package guidelines. I've found that mergestat seems to be working fine with these applied, as per this commit.

grawlinson, Apr 04 '22 02:04

Hi @grawlinson, thanks for reaching out! Yes - we do have interest in applying RELRO/PIE to the binary and shared library, thank you for sharing the background for those as well. It looks like line 57 in the linked commit there is the key bit? I will look into adding those flags to our Makefile and open a PR shortly.

patrickdevivo, Apr 04 '22 21:04

There's a few parameters that need to be added to LDFLAGS, I'll have a look at them and get back to you.

grawlinson, Apr 04 '22 22:04
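One way to confirm that a built binary or shared library actually carries the RELRO/PIE hardening discussed in this thread, as an added example that is not part of the original issue or the mergestat code base. It assumes 64-bit little-endian ELF files; `check_hardening` and `constructed_elf` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct
import sys

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(data: bytes) -> dict:
    """Report position independence and RELRO level of a 64-bit LE ELF image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_relro = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the (tag, value) pairs of the dynamic section up to DT_NULL.
            dyn = data[p_offset:p_offset + p_filesz // 16 * 16]
            for tag, val in struct.iter_unpack("<qQ", dyn):
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # GNU_RELRO alone is partial RELRO; with immediate binding it is full RELRO.
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"position_independent": e_type == ET_DYN, "relro": relro}

def constructed_elf(e_type: int, relro: bool, dyn: list) -> bytes:
    """Constructed sample input: a headers-only ELF64 image, enough to parse."""
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    phdrs = [(PT_DYNAMIC, len(dyn_bytes))] + [(PT_GNU_RELRO, 0)] * relro
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 4, 64 + 56 * len(phdrs), 0, 0, n, n, 8)
                     for t, n in phdrs)
    return hdr + table + dyn_bytes

if __name__ == "__main__":
    for path in sys.argv[1:]:  # paths to the built binary and shared library
        with open(path, "rb") as fh:
            print(path, check_hardening(fh.read()))
    sample = constructed_elf(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)])
    print("constructed sample", check_hardening(sample))
```

A shared library is always `ET_DYN`, so for the `.so` the RELRO level is the field that distinguishes a hardened build from an unhardened one.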