Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -18,11 +18,11 @@
 [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
 [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
 [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
 [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
 [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
-[\fB-z\fR assert-deflib ] [ \fB-z\fR assert-deflib=\fIlibname\fR ]
+[\fB-z\fR aslr[=\fIstate\fR]] [\fB-z\fR assert-deflib] [ \fB-z\fR assert-deflib=\fIlibname\fR]
 [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
 [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
 [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
 [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
 [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]

@@ -37,11 +37,10 @@
 [\fB-z\fR target=sparc|x86] [\fB-z\fR text | textwarn | textoff]
 [\fB-z\fR verbose] [\fB-z\fR wrap=\fIsymbol\fR] \fIfilename\fR...
 .fi
 
 .SH DESCRIPTION
-.sp
 .LP
 The link-editor, \fBld\fR, combines relocatable object files by resolving
 symbol references to symbol definitions, together with performing relocations.
 \fBld\fR operates in two modes, static or dynamic, as governed by the \fB-d\fR
 option. In all cases, the output of \fBld\fR is left in the file \fBa.out\fR by

@@ -102,11 +101,10 @@
 operate. The mixing of 32-bit objects and 64-bit objects is not permitted.
 Similarly, only objects of a single machine type are allowed. See the
 \fB-32\fR, \fB-64\fR and \fB-z target\fR options, and the \fBLD_NOEXEC_64\fR
 environment variable.
 .SS "Static Executables"
-.sp
 .LP
 The creation of static executables has been discouraged for many releases. In
 fact, 64-bit system archive libraries have never been provided. Because a
 static executable is built against system archive libraries, the executable
 contains system implementation details. This self-containment has a number of

@@ -138,11 +136,10 @@
 Without these libraries, specifically \fBlibc.a\fR, the creation of static
 executables is no longer achievable without specialized system knowledge.
 However, the capability of \fBld\fR to process static linking options, and the
 processing of archive libraries, remains unchanged.
 .SH OPTIONS
-.sp
 .LP
 The following options are supported.
 .sp
 .ne 2
 .na

@@ -843,10 +840,27 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB-z\fR \fBaslr[=\fIstate\fR]\fR
+.ad
+.sp .6
+.RS 4n
+Specify whether the executable's address space should be randomized on
+execution.  If \fIstate\fR is "enabled" randomization will always occur when
+this executable is run (regardless of inherited settings).  If \fIstate\fR is
+"disabled" randomization will never occur when this executable is run.  If
+\fIstate\fR is omitted, ASLR is enabled.
+
+An executable that should simply use the settings inherited from its
+environment should not use this flag at all.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fB-z\fR \fBcombreloc\fR | \fBnocombreloc\fR\fR
 .ad
 .sp .6
 .RS 4n
 By default, \fBld\fR combines multiple relocation sections when building

@@ -1627,11 +1641,10 @@
 that operation for the link-editor to carry out, and prevent the wrap from
 occurring.
 .RE
 
 .SH ENVIRONMENT VARIABLES
-.sp
 .ne 2
 .na
 \fB\fBLD_ALTEXEC\fR\fR
 .ad
 .sp .6

@@ -1756,11 +1769,10 @@
 .LP
 Notice that environment variable-names that begin with the
 characters '\fBLD_\fR' are reserved for possible future enhancements to \fBld\fR and
 \fBld.so.1\fR(1).
 .SH FILES
-.sp
 .ne 2
 .na
 \fB\fBlib\fIx\fR.so\fR\fR
 .ad
 .RS 15n

@@ -1806,11 +1818,10 @@
 link-editing. These \fBmapfiles\fR provide various capabilities, such as
 defining memory layouts, aligning bss, and defining non-executable stacks.
 .RE
 
 .SH ATTRIBUTES
-.sp
 .LP
 See \fBattributes\fR(5) for descriptions of the following attributes:
 .sp
 
 .sp

@@ -1822,21 +1833,19 @@
 _
 Interface Stability     Committed
 .TE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBas\fR(1), \fBcrle\fR(1), \fBgprof\fR(1), \fBld.so.1\fR(1), \fBldd\fR(1),
 \fBmcs\fR(1), \fBpvs\fR(1), \fBexec\fR(2), \fBstat\fR(2), \fBdlopen\fR(3C),
 \fBdldump\fR(3C), \fBelf\fR(3ELF), \fBar.h\fR(3HEAD), \fBa.out\fR(4),
 \fBattributes\fR(5)
 .sp
 .LP
 \fILinker and Libraries Guide\fR
 .SH NOTES
-.sp
 .LP
 Default options applied by \fBld\fR are maintained for historic reasons. In
 today's programming environment, where dynamic objects dominate, alternative
 defaults would often make more sense. However, historic defaults must be
 maintained to ensure compatibility with existing program development