New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove pie from GOFLAGS #2237
Remove pie from GOFLAGS #2237
Conversation
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
I am curious about this because this feels like a security feature that let's the loader randomize the binary layout in memory. I am also curious what this costs us in terms of downside to have on (I see a few comments about |
After consulting with my trusted companion, ChatGPT, I agree with @mattmoor that this is worth further thought.
|
lifting this out of slack for future context: the impetus for this change was I agree with luhring that we probably overcorrected making there seem to be ways to have
|
We are likely to start building dynamic Go binaries for other reasons, namely using libcrypto for cryptography (so we can do a single build and support FIPS mode in the usual way). |
We don't think this setting has a worthwhile benefit to the Go binaries we're building. cc: @joshrwolf @kaniini