Hello, I am new to Golang, and need to harden the built output ELF file to satisfy the required ELF security.
Specifically, for the source file hello.go
:
// hello.go
package main
import "fmt"
func main() {
fmt.Println("hello world")
}
Firstly, I built out a ELF file hello
using command:
$ go build -build-mode=pie hello.go
Then I checked the ELF file via checksec tool:
$ checksec --file=hello
# --- output example ---
RELRO STACK CANARY NX PIE
No RELRO No canary found NX enabled PIE enabled
From the output of checksec, the RELRO and STACK CANARY checks are not satisfactory.
I also tried to specify the LDFLAGS
while building the Go program, but it still cannot pass checksec:
$ go build -buildmode=pie -ldflags="-extld=gcc -extldflags='-Wl,-z,relro,-z,now,-z,noexecstack'" hello.go
My problem: provided I have specific CFLAGS
and LDFLAGS
to properly harden the C programs, so how could I apply these flags into the Go programs?