Hello!
Here is a patch that lets you use `go build -buildmode=pie file.go` to
compile golang binaries on OpenBSD and get ASLR.
By default all the golang binaries compiled on openbsd are not
randomized, only linux and android have that feature.
This patch is against go1.8.3.src.tar.gz
diff -Naur go/src/cmd/go/build.go go-aslr/src/cmd/go/build.go
--- go/src/cmd/go/build.go 2017-05-24 18:15:12.000000000 +0000
+++ go-aslr/src/cmd/go/build.go 2017-06-09 18:26:12.740449349 +0000
@@ -383,8 +383,11 @@
} else {
switch platform {
case "linux/386", "linux/amd64", "linux/arm",
"linux/arm64", "linux/ppc64le", "linux/s390x",
- "android/amd64", "android/arm",
"android/arm64", "android/386":
+ "android/amd64", "android/arm",
"android/arm64", "android/386", "openbsd/amd64":
codegenArg = "-shared"
+ if platform == "openbsd/amd64" {
+ ldBuildmode = "pie"
+ }
default:
fatalf("-buildmode=pie not supported on
%s\n", platform)
}
diff -Naur go/src/cmd/link/internal/ld/config.go
go-aslr/src/cmd/link/internal/ld/config.go
--- go/src/cmd/link/internal/ld/config.go 2017-05-24
18:15:12.000000000 +0000
+++ go-aslr/src/cmd/link/internal/ld/config.go 2017-06-09
18:26:37.820448527 +0000
@@ -43,7 +43,7 @@
*mode = BuildmodeExe
case "pie":
switch obj.GOOS {
- case "android", "linux":
+ case "android", "linux", "openbsd":
default:
return badmode()
}
diff -Naur go/src/cmd/link/internal/ld/lib.go
go-aslr/src/cmd/link/internal/ld/lib.go
--- go/src/cmd/link/internal/ld/lib.go 2017-05-24 18:15:12.000000000
+0000
+++ go-aslr/src/cmd/link/internal/ld/lib.go 2017-06-09
18:26:56.903781235 +0000
@@ -1019,7 +1019,9 @@
argv = append(argv, "-Wl,-no_pie")
}
case obj.Hopenbsd:
- argv = append(argv, "-Wl,-nopie")
+ if Buildmode != BuildmodePIE {
+ argv = append(argv, "-Wl,-nopie")
+ }
case obj.Hwindows:
argv = append(argv, "-mconsole")
case obj.Hwindowsgui:
