github-actions[bot]
commented
1 year ago This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 5 days. To ignore this issue entirely you can add the no-stale label
What version of pkg are you using?
5.8.0
What version of Node.js are you using?
18.13.0
What operating system are you using?
Alpine Linux
What CPU architecture are you using?
x64
What Node versions, OSs and CPU architectures are you building for?
node18-alpine-x64
Describe the Bug
When an executable is generated using pkg on Alpine Linux (in a docker image builder), the executable is generated with the PIE (Position Independent Executable) compile option disabled. The following command is used to generate the executable:
pkg --targets node18-alpine-x64 --config package.json --options --no-warnings --output compiled/bin/ compiled/Service.js
The PIE compile option is required to be enabled in order for the operating system to use ASLR (Address Space Layout Randomization). ASLR is a mitigation against memory vulnerabilities, such as buffer overflow.
I haven't been able to find an option or configuration for pkg that allows me to enable the PIE compile option for the generated executable.
Expected Behavior
pkg should have an option or configuration that allows executables to be generated with the PIE (Position Independent Executable) compile option enabled.
To Reproduce
Generate an executable for Alpine Linux (node18-alpine-x64) using pkg. (E.g: pkg --targets node18-alpine-x64 --config package.json --options --no-warnings --output compiled/bin/ compiled/Service.js)
Install checksec (to check the compile options used for the executable): apk update apk add git build-base bash openssl git clone https://github.com/slimm609/checksec.sh.git cd checksec.sh make cp checksec /usr/local/bin/
Make sure checksec is installed: checksec --version
Run checksec against the generated executable: checksec --file=
Result: The compile options are listed and the PIE option is set to NO PIE