From 3ed64162fe5da762afcd5902d8c2c408f66a7072 Mon Sep 17 00:00:00 2001
From: Jack Chen <jack@iotechsys.com>
Date: Mon, 14 Oct 2024 15:41:27 +0800
Subject: [PATCH] feat: Enable PIE support for ASLR and full RELRO

Signed-off-by: Jack Chen <jack@iotechsys.com>
---
 Makefile | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Makefile b/Makefile
index 48164c4..59f0350 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,10 @@
 .PHONY: build test clean prepare update docker
 
+# change the following boolean flag to enable or disable the Full RELRO (RELocation Read Only) for linux ELF (Executable and Linkable Format) binaries
+ENABLE_FULL_RELRO:="true"
+# change the following boolean flag to enable or disable PIE for linux binaries which is needed for ASLR (Address Space Layout Randomization) on Linux, the ASLR support on Windows is enabled by default
+ENABLE_PIE:="true"
+
 MICROSERVICES=cmd/device-uart
 
 .PHONY: $(MICROSERVICES)
@@ -14,6 +19,14 @@ GOFLAGS=-ldflags "-X github.com/edgexfoundry/device-uart.Version=$(VERSION) \
                   -X github.com/edgexfoundry/device-sdk-go/v3/internal/common.SDKVersion=$(SDKVERSION)" \
                    -trimpath -mod=readonly
 
+ifeq ($(ENABLE_FULL_RELRO), "true")
+	GOFLAGS += -ldflags "-bindnow"
+endif
+
+ifeq ($(ENABLE_PIE), "true")
+	GOFLAGS += -buildmode=pie
+endif
+
 build: $(MICROSERVICES)
 
 build-nats: