From 4175f787d4d7dfbfc0240ea4dfcfa8e563a46958 Mon Sep 17 00:00:00 2001
From: Jack Chen <jack@iotechsys.com>
Date: Mon, 14 Oct 2024 15:59:35 +0800
Subject: [PATCH] feat: Enable PIE support for ASLR and full RELRO

Signed-off-by: Jack Chen <jack@iotechsys.com>
---
 Makefile | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Makefile b/Makefile
index 0ab6be87..850e88b5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,10 @@
 .PHONY: build test clean docker unittest lint
 
+# change the following boolean flag to enable or disable the Full RELRO (RELocation Read Only) for linux ELF (Executable and Linkable Format) binaries
+ENABLE_FULL_RELRO:="true"
+# change the following boolean flag to enable or disable PIE for linux binaries which is needed for ASLR (Address Space Layout Randomization) on Linux, the ASLR support on Windows is enabled by default
+ENABLE_PIE:="true"
+
 ARCH=$(shell uname -m)
 
 MICROSERVICES=example/cmd/device-simple/device-simple
@@ -16,6 +21,14 @@ GOTESTFLAGS?=-race
 
 GIT_SHA=$(shell git rev-parse HEAD)
 
+ifeq ($(ENABLE_FULL_RELRO), "true")
+	GOFLAGS += -ldflags "-bindnow"
+endif
+
+ifeq ($(ENABLE_PIE), "true")
+	GOFLAGS += -buildmode=pie
+endif
+
 build: $(MICROSERVICES)
 
 tidy: