il-aslr Cdiff usr/src/man/man1/ld.1

Print this page

uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


*** 18,28 ****
  [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
  [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
  [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
  [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
  [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
! [\fB-z\fR assert-deflib ] [ \fB-z\fR assert-deflib=\fIlibname\fR ]
  [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
  [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
  [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
  [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
  [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]
--- 18,28 ----
  [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
  [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
  [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
  [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
  [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
! [\fB-z\fR aslr[=\fIstate\fR]] [\fB-z\fR assert-deflib] [ \fB-z\fR assert-deflib=\fIlibname\fR]
  [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
  [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
  [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
  [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
  [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]
*** 843,852 ****
--- 843,869 ----
  .RE
  
  .sp
  .ne 2
  .na
+ \fB-z\fR \fBaslr[=\fIstate\fR]\fR
+ .ad
+ .sp .6
+ .RS 4n
+ Specify whether the executable's address space should be randomized on
+ execution.  If \fIstate\fR is "enabled" randomization will always occur when
+ this executable is run (regardless of inherited settings).  If \fIstate\fR is
+ "disabled" randomization will never occur when this executable is run.  If
+ \fIstate\fR is omitted, ASLR is enabled.
+ 
+ An executable that should simple use the settings inherited from its
+ environment should not use this flag at all.
+ .RE
+ 
+ .sp
+ .ne 2
+ .na
  \fB\fB-z\fR \fBcombreloc\fR | \fBnocombreloc\fR\fR
  .ad
  .sp .6
  .RS 4n
  By default, \fBld\fR combines multiple relocation sections when building