It appears that the default build does not check for libc support of Full RELRO and PIE. Are there any plans to add checks for this, or is it assumed that everyone sets the right CFLAGS and LDFLAGS? I know that Debian, Ubuntu, Gentoo, Alpine and Fedora package build specs do this by default today.
The reason I ask is that I see a lot of people build this themselves and run it from docker. I am concerned that they are not getting the various libc protections that should be enabled on internet facing daemons. i.e. stack-protector, fortify source, full relro, pie, ssp buffer limits, etc..
I forgot to mention, if you want to check your existing daemons for these protections, either apt/yum install "checksec", or grab the script from it's maintainer [1] to check running daemons or files.
The reason I ask is that I see a lot of people build this themselves and run it from docker. I am concerned that they are not getting the various libc protections that should be enabled on internet facing daemons. i.e. stack-protector, fortify source, full relro, pie, ssp buffer limits, etc..