Describe the enhancement:
Add a buildmode flag to enable our Go binaries to support ASLR. This should be included in Elastic Agent, Beats and Fleet Server.
A few years ago Golang added support for -buildmode=pie. This enables Go binaries to take advantage of ASLR and helps us mitigate the potential for someone to create a reliable exploit if we one day discover a vulnerability. There are a few resources online to learn more about why ASLR is important, like this blog.
I noticed a few other Go projects have successfully added this, like Cloud Foundry's go-buildpack.
Describe the enhancement:
Add a buildmode flag to enable our Go binaries to support ASLR. This should be included in Elastic Agent, Beats and Fleet Server.
A few years ago Golang added support for -buildmode=pie. This enables Go binaries to take advantage of ASLR and helps us mitigate the potential for someone to create a reliable exploit if we one day discover a vulnerability. There are a few resources online to learn more about why ASLR is important, like this blog.
I noticed a few other Go projects have successfully added this, like Cloud Foundry's go-buildpack.