Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
*** 13,23 ****
[-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
[-N string] [-o outfile] [-p auditlib] [-P auditlib]
[-Q y | n] [-R path] [-s] [-S supportlib] [-t]
[-u symname] [-V] [-Y P,dirlist] [-z absexec]
[-z allextract | defaultextract | weakextract ] [-z altexec64]
! [-z assert-deflib ] [ -z assert-deflib=libname ]
[-z combreloc | nocombreloc ] [-z defs | nodefs]
[-z direct | nodirect] [-z endfiltee]
[-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
[-z globalaudit] [-z groupperm | nogroupperm]
[-z guidance[=id1,id2...] [-z help ]
--- 13,23 ----
[-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
[-N string] [-o outfile] [-p auditlib] [-P auditlib]
[-Q y | n] [-R path] [-s] [-S supportlib] [-t]
[-u symname] [-V] [-Y P,dirlist] [-z absexec]
[-z allextract | defaultextract | weakextract ] [-z altexec64]
! [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname]
[-z combreloc | nocombreloc ] [-z defs | nodefs]
[-z direct | nodirect] [-z endfiltee]
[-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
[-z globalaudit] [-z groupperm | nogroupperm]
[-z guidance[=id1,id2...] [-z help ]
*** 553,562 ****
--- 553,573 ----
associated 64-bit ld. The 64-bit ld provides a larger virtual
address space for building 32-bit objects. See The 32-bit link-
editor and 64-bit link-editor in Linker and Libraries Guide.
+ -z aslr[=state]
+ Specify whether the executable's address space should be randomized
+ on execution. If state is "enabled" randomization will always
+ occur when this executable is run (regardless of inherited
+ settings). If state is "disabled" randomization will never occur
+ when this executable is run. If state is omitted, ASLR is enabled.
+
+ An executable that should simple use the settings inherited from
+ its environment should not use this flag at all.
+
+
-z combreloc | nocombreloc
By default, ld combines multiple relocation sections when building
executables or shared objects. This section combination differs
from relocatable objects, in which relocation sections are
maintained in a one-to-one relationship with the sections to which