Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -13,11 +13,11 @@
        [-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
        [-N string] [-o outfile] [-p auditlib] [-P auditlib]
        [-Q y | n] [-R path] [-s] [-S supportlib] [-t]
        [-u symname] [-V] [-Y P,dirlist] [-z absexec]
        [-z allextract | defaultextract | weakextract ] [-z altexec64]
-       [-z assert-deflib ] [ -z assert-deflib=libname ]
+       [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname]
        [-z combreloc | nocombreloc ] [-z defs | nodefs]
        [-z direct | nodirect] [-z endfiltee]
        [-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
        [-z globalaudit] [-z groupperm | nogroupperm]
        [-z guidance[=id1,id2...] [-z help ]

@@ -594,10 +594,22 @@
            associated 64-bit ld. The 64-bit ld provides a larger virtual
            address space for building 32-bit objects. See The 32-bit link-
            editor and 64-bit link-editor in Linker and Libraries Guide.
 
 
+       -z aslr[=state]
+
+           Specify whether the executable's address space should be randomized
+           on execution.  If state is "enabled" randomization will always
+           occur when this executable is run (regardless of inherited
+           settings).  If state is "disabled" randomization will never occur
+           when this executable is run.  If state is omitted, ASLR is enabled.
+
+           An executable that should simply use the settings inherited from
+           its environment should not use this flag at all.
+
+
        -z combreloc | nocombreloc
 
            By default, ld combines multiple relocation sections when building
            executables or shared objects. This section combination differs
            from relocatable objects, in which relocation sections are