Build Go binaries with `-buildmode=pie"?
View options
I was looking a bit how the obfs4proxy binary gets build for Android today and it turns out that Briar etc. use -buildmode=pie. Currently our Linux binaries have no PIE and no RELRO (but Stack Canaries, NX etc. enabled). Trying with -buildmode=pie results in "PIE enabled" but somewhat surprisingly our stack canaries are gone (but we get partial RELRO).
So, generally, should we start using PIE mode (and -extldflags=-pie where needed)? Or are we good with what we have?