feat: Enable PIE support for ASLR and full RELRO

Signed-off-by: Jack Chen <[email protected]>

Makefile

@@ -16,6 +16,11 @@
 
 .PHONY: build tidy docker test clean vendor
 
+# change the following boolean flag to enable or disable the Full RELRO (RELocation Read Only) for linux ELF (Executable and Linkable Format) binaries
+ENABLE_FULL_RELRO:="true"
+# change the following boolean flag to enable or disable PIE for linux binaries which is needed for ASLR (Address Space Layout Randomization) on Linux, the ASLR support on Windows is enabled by default
+ENABLE_PIE:="true"
+
 # VERSION file is not needed for local development, In the CI/CD pipeline, a temporary VERSION file is written
 # if you need a specific version, just override below
 APPVERSION=$(shell cat ./VERSION 2>/dev/null || echo 0.0.0)
@@ -34,6 +39,14 @@ GIT_SHA=$(shell git rev-parse HEAD)
 
 ARCH=$(shell uname -m)
 
+ifeq ($(ENABLE_FULL_RELRO), "true")
+	GOFLAGS += -ldflags "-bindnow"
+endif
+
+ifeq ($(ENABLE_PIE), "true")
+	GOFLAGS += -buildmode=pie
+endif
+
 # CGO is enabled by default and causes docker builds to fail due to no gcc,
 # but is required for test with -race, so must disable it for the builds only
 build: