Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

*** 938,948 **** /* Minimum size of assert-deflib=lib%s.so */ mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE + MSG_STR_SOEXT_SIZE; if (olen > MSG_ARG_ASSDEFLIB_SIZE) { if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') { - ld_eprintf(ofl, ERR_FATAL, "Missing =\n"); ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL), MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg); return (TRUE); } --- 938,947 ----
*** 1435,1444 **** --- 1434,1469 ---- } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP), MSG_ARG_WRAP_SIZE) == 0) { if (ld_wrap_enter(ofl, optarg + MSG_ARG_WRAP_SIZE) == NULL) return (S_ERROR); + } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_ASLR), + MSG_ARG_ASLR_SIZE) == 0) { + char *p = optarg + MSG_ARG_ASLR_SIZE; + if (*p == '\0') { + ofl->ofl_aslr = 1; + } else if (*p == '=') { + p++; + + if (strcmp(p, + MSG_ORIG(MSG_ARG_ENABLED)) == 0) { + ofl->ofl_aslr = 1; + } else if (strcmp(p, + MSG_ORIG(MSG_ARG_DISABLED)) == 0) { + ofl->ofl_aslr = -1; + } else { + ld_eprintf(ofl, ERR_FATAL, + MSG_INTL(MSG_ARG_ILLEGAL), + MSG_ORIG(MSG_ARG_ZASLR), p); + return (S_ERROR); + } + } else { + ld_eprintf(ofl, ERR_FATAL, + MSG_INTL(MSG_ARG_ILLEGAL), + MSG_ORIG(MSG_ARG_Z), optarg); + return (S_ERROR); + } } else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE), MSG_ARG_GUIDE_SIZE) == 0) && ((optarg[MSG_ARG_GUIDE_SIZE] == '=') || (optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) { if (!guidance_parse(ofl, optarg))