uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.

          --- old/usr/src/man/man1/ld.1.man.txt
          +++ new/usr/src/man/man1/ld.1.man.txt
↓ open down ↓ 7 lines elided ↑ open up ↑
   8    8  SYNOPSIS
   9    9         ld [-32 | -64] [-a | -r] [-b] [-Bdirect | nodirect]
  10   10         [-B dynamic | static] [-B eliminate] [-B group] [-B local]
  11   11         [-B reduce] [-B symbolic] [-c name] [-C] [-d y | n]
  12   12         [-D token,...] [-e epsym] [-f name | -F name] [-G] [-h name]
  13   13         [-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
  14   14         [-N string] [-o outfile] [-p auditlib] [-P auditlib]
  15   15         [-Q y | n] [-R path] [-s] [-S supportlib] [-t]
  16   16         [-u symname] [-V] [-Y P,dirlist] [-z absexec]
  17   17         [-z allextract | defaultextract | weakextract ] [-z altexec64]
  18      -       [-z assert-deflib ] [ -z assert-deflib=libname ]
       18 +       [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname]
  19   19         [-z combreloc | nocombreloc ] [-z defs | nodefs]
  20   20         [-z direct | nodirect] [-z endfiltee]
  21   21         [-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
  22   22         [-z globalaudit] [-z groupperm | nogroupperm]
  23   23         [-z guidance[=id1,id2...] [-z help ]
  24   24         [-z ignore | record] [-z initarray=function] [-z initfirst]
  25   25         [-z interpose] [-z lazyload | nolazyload]
  26   26         [-z ld32=arg1,arg2,...] [-z ld64=arg1,arg2,...]
  27   27         [-z loadfltr] [-z muldefs] [-z nocompstrtab] [-z nodefaultlib]
  28   28         [-z nodelete] [-z nodlopen] [-z nodump] [-z noldynsym]
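Review bot: New line 18 mixes a partial whitespace cleanup of the assert-deflib entries into the ASLR change: "[-z assert-deflib]" lost its inner space, but "[ -z assert-deflib=libname]" still has one after the opening bracket. Either normalise both entries or leave their spacing alone, so the synopsis line changes only by the added "[-z aslr[=state]]". The synopsis could also spell out the accepted values the way "-d y | n" and "-Q y | n" do, for example "[-z aslr[=enabled | disabled]]", since the description below accepts only those two states.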
↓ open down ↓ 519 lines elided ↑ open up ↑
 548  548  
 549  549         -z altexec64
 550  550             Execute the 64-bit ld. The creation of very large 32-bit objects
 551  551             can exhaust the virtual memory that is available to the 32-bit ld.
 552  552             The -z altexec64 option can be used to force the use of the
 553  553             associated 64-bit ld. The 64-bit ld provides a larger virtual
 554  554             address space for building 32-bit objects. See The 32-bit link-
 555  555             editor and 64-bit link-editor in Linker and Libraries Guide.
 556  556  
 557  557  
      558 +       -z aslr[=state]
      559 +           Specify whether the executable's address space should be randomized
      560 +           on execution.  If state is "enabled" randomization will always
      561 +           occur when this executable is run (regardless of inherited
      562 +           settings).  If state is "disabled" randomization will never occur
      563 +           when this executable is run.  If state is omitted, ASLR is enabled.
      564 +
      565 +           An executable that should simple use the settings inherited from
      566 +           its environment should not use this flag at all.
      567 +
      568 +
 558  569         -z combreloc | nocombreloc
 559  570             By default, ld combines multiple relocation sections when building
 560  571             executables or shared objects. This section combination differs
 561  572             from relocatable objects, in which relocation sections are
 562  573             maintained in a one-to-one relationship with the sections to which
 563  574             the relocations must be applied. The -z nocombreloc option disables
 564  575             this merging of relocation sections, and preserves the one-to-one
 565  576             relationship found in the original relocatable objects.
 566  577  
 567  578             ld sorts the entries of data relocation sections by their symbol
↓ open down ↓ 653 lines elided ↑ open up ↑