By default, Go builds everything as non-PIC code. This is an issue, as
ASLR is not enabled for non-PIC code and thus the usefulness of ASLR is
diminished with Go (especially since the libraries used are compiled
into the binary, giving more opportunities for ROP gadgets).
openSUSE has recently put a lot of effort into enabling -fPIC for as
many packages as possible, so we should follow suit in Go.
By default, Go builds everything as non-PIC code. This is an issue, as ASLR is not enabled for non-PIC code and thus the usefulness of ASLR is diminished with Go (especially since the libraries used are compiled into the binary, giving more opportunities for ROP gadgets).
openSUSE has recently put a lot of effort into enabling -fPIC for as many packages as possible, so we should follow suit in Go.
SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1048046 Signed-off-by: Aleksa Sarai asarai@suse.de