Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
*** 938,948 ****
/* Minimum size of assert-deflib=lib%s.so */
mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE +
MSG_STR_SOEXT_SIZE;
if (olen > MSG_ARG_ASSDEFLIB_SIZE) {
if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') {
- ld_eprintf(ofl, ERR_FATAL, "Missing =\n");
ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL),
MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg);
return (TRUE);
}
--- 938,947 ----
*** 1435,1444 ****
--- 1434,1469 ----
} else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP),
MSG_ARG_WRAP_SIZE) == 0) {
if (ld_wrap_enter(ofl,
optarg + MSG_ARG_WRAP_SIZE) == NULL)
return (S_ERROR);
+ } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_ASLR),
+ MSG_ARG_ASLR_SIZE) == 0) {
+ char *p = optarg + MSG_ARG_ASLR_SIZE;
+ if (*p == '\0') {
+ ofl->ofl_aslr = 1;
+ } else if (*p == '=') {
+ p++;
+
+ if (strcmp(p,
+ MSG_ORIG(MSG_ARG_ENABLED)) == 0) {
+ ofl->ofl_aslr = 1;
+ } else if (strcmp(p,
+ MSG_ORIG(MSG_ARG_DISABLED)) == 0) {
+ ofl->ofl_aslr = -1;
+ } else {
+ ld_eprintf(ofl, ERR_FATAL,
+ MSG_INTL(MSG_ARG_ILLEGAL),
+ MSG_ORIG(MSG_ARG_ZASLR), p);
+ return (S_ERROR);
+ }
+ } else {
+ ld_eprintf(ofl, ERR_FATAL,
+ MSG_INTL(MSG_ARG_ILLEGAL),
+ MSG_ORIG(MSG_ARG_Z), optarg);
+ return (S_ERROR);
+ }
} else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE),
MSG_ARG_GUIDE_SIZE) == 0) &&
((optarg[MSG_ARG_GUIDE_SIZE] == '=') ||
(optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) {
if (!guidance_parse(ofl, optarg))