uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool, psecflags(1), to control and observe it.


2515                         dyn++;
2516                 }
2517                 if (ofl->ofl_oscapinfo) {
2518                         dyn->d_tag = DT_SUNW_CAPINFO;
2519                         dyn->d_un.d_val = ofl->ofl_oscapinfo->os_shdr->sh_addr;
2520                         dyn++;
2521                 }
2522                 if (ofl->ofl_oscapchain) {
2523                         shdr = ofl->ofl_oscapchain->os_shdr;
2524 
2525                         dyn->d_tag = DT_SUNW_CAPCHAIN;
2526                         dyn->d_un.d_val = shdr->sh_addr;
2527                         dyn++;
2528                         dyn->d_tag = DT_SUNW_CAPCHAINSZ;
2529                         dyn->d_un.d_val = shdr->sh_size;
2530                         dyn++;
2531                         dyn->d_tag = DT_SUNW_CAPCHAINENT;
2532                         dyn->d_un.d_val = shdr->sh_entsize;
2533                         dyn++;
2534                 }







2535                 if (flags & FLG_OF_SYMBOLIC) {
2536                         dyn->d_tag = DT_SYMBOLIC;
2537                         dyn->d_un.d_val = 0;
2538                         dyn++;
2539                 }
2540         }
2541 
2542         dyn->d_tag = DT_FLAGS;
2543         dyn->d_un.d_val = ofl->ofl_dtflags;
2544         dyn++;
2545 
2546         /*
2547          * If -Bdirect was specified, but some NODIRECT symbols were specified
2548          * via a mapfile, or -znodirect was used on the command line, then
2549          * clear the DF_1_DIRECT flag.  The resultant object will use per-symbol
2550          * direct bindings rather than be enabled for global direct bindings.
2551          *
2552          * If any no-direct bindings exist within this object, set the
2553          * DF_1_NODIRECT flag.  ld(1) recognizes this flag when processing
2554          * dependencies, and performs extra work to ensure that no direct




2515                         dyn++;
2516                 }
2517                 if (ofl->ofl_oscapinfo) {
2518                         dyn->d_tag = DT_SUNW_CAPINFO;
2519                         dyn->d_un.d_val = ofl->ofl_oscapinfo->os_shdr->sh_addr;
2520                         dyn++;
2521                 }
2522                 if (ofl->ofl_oscapchain) {
2523                         shdr = ofl->ofl_oscapchain->os_shdr;
2524 
2525                         dyn->d_tag = DT_SUNW_CAPCHAIN;
2526                         dyn->d_un.d_val = shdr->sh_addr;
2527                         dyn++;
2528                         dyn->d_tag = DT_SUNW_CAPCHAINSZ;
2529                         dyn->d_un.d_val = shdr->sh_size;
2530                         dyn++;
2531                         dyn->d_tag = DT_SUNW_CAPCHAINENT;
2532                         dyn->d_un.d_val = shdr->sh_entsize;
2533                         dyn++;
2534                 }
2535 
2536                 if (ofl->ofl_aslr != 0) {
2537                         dyn->d_tag = DT_SUNW_ASLR;
2538                         dyn->d_un.d_val = (ofl->ofl_aslr == 1);
2539                         dyn++;
2540                 }
2541 
2542                 if (flags & FLG_OF_SYMBOLIC) {
2543                         dyn->d_tag = DT_SYMBOLIC;
2544                         dyn->d_un.d_val = 0;
2545                         dyn++;
2546                 }
2547         }
2548 
2549         dyn->d_tag = DT_FLAGS;
2550         dyn->d_un.d_val = ofl->ofl_dtflags;
2551         dyn++;
2552 
2553         /*
2554          * If -Bdirect was specified, but some NODIRECT symbols were specified
2555          * via a mapfile, or -znodirect was used on the command line, then
2556          * clear the DF_1_DIRECT flag.  The resultant object will use per-symbol
2557          * direct bindings rather than be enabled for global direct bindings.
2558          *
2559          * If any no-direct bindings exist within this object, set the
2560          * DF_1_NODIRECT flag.  ld(1) recognizes this flag when processing
2561          * dependencies, and performs extra work to ensure that no direct
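Review bot: The new `DT_SUNW_ASLR` block (new lines 2536-2540) encodes a three-state `ofl->ofl_aslr` with bare numbers: 0 emits no tag, 1 emits a value of 1, and every other non-zero value emits 0, which is presumably read as an explicit request to turn randomisation off for the object, so an unexpected value would quietly opt the binary out. A comment such as `/* ofl_aslr: 0 = not specified (no tag), 1 = enable, any other value = disable */`, or named constants in place of `!= 0` and `== 1`, would make that default visible to the next reader. The added `dyn++` also needs a matching entry reserved where the .dynamic section is sized; that code is not in this hunk, so confirm the count was raised in the same change, since otherwise this write would land past the reserved entries. The enclosing function starts and ends outside the lines shown.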