From d0be6d96d04607df2225e26071c7768838f5569c Mon Sep 17 00:00:00 2001
From: Leonardo Grasso <me@leonardograsso.com>
Date: Wed, 7 Apr 2021 16:45:31 +0200
Subject: [PATCH] build: enable ASLR for statically linked build

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
---
 CMakeLists.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 528497ec..5510de25 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -66,10 +66,11 @@ if(MINIMAL_BUILD)
 endif()
 
 if(MUSL_OPTIMIZED_BUILD)
-  set(MUSL_FLAGS "-static -Os")
+  set(MUSL_FLAGS "-static -Os -fPIE -pie")
 endif()
 
 # explicitly set hardening flags
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(FALCO_SECURITY_FLAGS "-Wl,-z,relro,-z,now -fstack-protector-strong")
 if(CMAKE_BUILD_TYPE STREQUAL "release")
   set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -D_FORTIFY_SOURCE=2")