Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/sgs/include/libld.h
          +++ new/usr/src/cmd/sgs/include/libld.h
↓ open down ↓ 398 lines elided ↑ open up ↑
 399  399          Objcapset       ofl_ocapset;    /* object capabilities */
 400  400          Lm_list         *ofl_lml;       /* runtime link-map list */
 401  401          Gottable        *ofl_gottable;  /* debugging got information */
 402  402          Rlxrel_cache    ofl_sr_cache;   /* Cache last result from */
 403  403                                          /*      sloppy_comdat_reloc() */
 404  404          APlist          *ofl_maptext;   /* mapfile added text sections */
 405  405          APlist          *ofl_mapdata;   /* mapfile added data sections */
 406  406          avl_tree_t      *ofl_wrap;      /* -z wrap symbols */
 407  407          ofl_guideflag_t ofl_guideflags; /* -z guide flags */
 408  408          APlist          *ofl_assdeflib; /* -z assert-deflib exceptions */
      409 +        int             ofl_aslr;       /* -z aslr, -1 is disable, 1 is enable */
      410 +        /*
      411 +         * XXX: I'd rather this be ofl_secflags, -z secflags, and
      412 +         * DT_ILL_SECFLAGS, with ASLR and -z aslr for compat.  I think? maybe?
      413 +         */
 409  414  };
 410  415  
 411  416  #define FLG_OF_DYNAMIC  0x00000001      /* generate dynamic output module */
 412  417  #define FLG_OF_STATIC   0x00000002      /* generate static output module */
 413  418  #define FLG_OF_EXEC     0x00000004      /* generate an executable */
 414  419  #define FLG_OF_RELOBJ   0x00000008      /* generate a relocatable object */
 415  420  #define FLG_OF_SHAROBJ  0x00000010      /* generate a shared object */
 416  421  #define FLG_OF_BFLAG    0x00000020      /* do no special plt building: -b */
 417  422  #define FLG_OF_IGNENV   0x00000040      /* ignore LD_LIBRARY_PATH: -i */
 418  423  #define FLG_OF_STRIP    0x00000080      /* strip output: -s */
↓ open down ↓ 1151 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX