il-aslr Sdiff usr/src/man/man1/ld.1

Print this page

uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

   3 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved
   4 .\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved
   5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   6 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
   7 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   8 .TH LD 1 "Sep 10, 2013"
   9 .SH NAME
  10 ld \- link-editor for object files
  11 .SH SYNOPSIS
  12 .LP
  13 .nf
  14 \fBld\fR [\fB-32\fR | \fB-64\fR] [\fB-a\fR | \fB-r\fR] [\fB-b\fR] [\fB-B\fRdirect | nodirect]
  15 [\fB-B\fR dynamic | static] [\fB-B\fR eliminate] [\fB-B\fR group] [\fB-B\fR local]
  16 [\fB-B\fR reduce] [\fB-B\fR symbolic] [\fB-c\fR \fIname\fR] [\fB-C\fR] [\fB-d\fR y | n]
  17 [\fB-D\fR \fItoken\fR,...] [\fB-e\fR \fIepsym\fR] [\fB-f\fR \fIname\fR | \fB-F\fR \fIname\fR] [\fB-G\fR] [\fB-h\fR \fIname\fR]
  18 [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
  19 [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
  20 [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
  21 [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
  22 [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
  23 [\fB-z\fR assert-deflib ] [ \fB-z\fR assert-deflib=\fIlibname\fR ]
  24 [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
  25 [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
  26 [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
  27 [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
  28 [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]
  29 [\fB-z\fR ignore | record] [\fB-z\fR initarray=\fIfunction\fR] [\fB-z\fR initfirst]
  30 [\fB-z\fR interpose] [\fB-z\fR lazyload | nolazyload]
  31 [\fB-z\fR ld32=\fIarg1\fR,\fIarg2\fR,...] [\fB-z\fR ld64=\fIarg1\fR,\fIarg2\fR,...]
  32 [\fB-z\fR loadfltr] [\fB-z\fR muldefs] [\fB-z\fR nocompstrtab] [\fB-z\fR nodefaultlib]
  33 [\fB-z\fR nodelete] [\fB-z\fR nodlopen] [\fB-z\fR nodump] [\fB-z\fR noldynsym]
  34 [\fB-z\fR nopartial] [\fB-z\fR noversion] [\fB-z\fR now] [\fB-z\fR origin]
  35 [\fB-z\fR preinitarray=\fIfunction\fR] [\fB-z\fR redlocsym] [\fB-z\fR relaxreloc]
  36 [\fB-z\fR rescan-now] [\fB-z\fR recan] [\fB-z\fR rescan-start \fI\&...\fR \fB-z\fR rescan-end]]
  37 [\fB-z\fR target=sparc|x86] [\fB-z\fR text | textwarn | textoff]
  38 [\fB-z\fR verbose] [\fB-z\fR wrap=\fIsymbol\fR] \fIfilename\fR...
  39 .fi
  40 
  41 .SH DESCRIPTION
  42 .sp
  43 .LP

 828 .RE
 829 
 830 .sp
 831 .ne 2
 832 .na
 833 \fB\fB-z\fR \fBaltexec64\fR\fR
 834 .ad
 835 .sp .6
 836 .RS 4n
 837 Execute the 64-bit \fBld\fR. The creation of very large 32-bit objects can
 838 exhaust the virtual memory that is available to the 32-bit \fBld\fR. The
 839 \fB-z\fR \fBaltexec64\fR option can be used to force the use of the associated
 840 64-bit \fBld\fR. The 64-bit \fBld\fR provides a larger virtual address space
 841 for building 32-bit objects. See \fIThe 32-bit link-editor and 64-bit
 842 link-editor\fR in \fILinker and Libraries Guide\fR.
 843 .RE
 844 
 845 .sp
 846 .ne 2
 847 .na

















 848 \fB\fB-z\fR \fBcombreloc\fR | \fBnocombreloc\fR\fR
 849 .ad
 850 .sp .6
 851 .RS 4n
 852 By default, \fBld\fR combines multiple relocation sections when building
 853 executables or shared objects. This section combination differs from
 854 relocatable objects, in which relocation sections are maintained in a
 855 one-to-one relationship with the sections to which the relocations must be
 856 applied. The \fB-z\fR \fBnocombreloc\fR option disables this merging of
 857 relocation sections, and preserves the one-to-one relationship found in the
 858 original relocatable objects.
 859 .sp
 860 \fBld\fR sorts the entries of data relocation sections by their symbol
 861 reference. This sorting reduces runtime symbol lookup. When multiple relocation
 862 sections are combined, this sorting produces the least possible relocation
 863 overhead when objects are loaded into memory, and speeds the runtime loading of
 864 dynamic objects.
 865 .sp
 866 Historically, the individual relocation sections were carried over to any
 867 executable or shared object, and the \fB-z\fR \fBcombreloc\fR option was

   3 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved
   4 .\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved
   5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   6 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
   7 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   8 .TH LD 1 "Sep 10, 2013"
   9 .SH NAME
  10 ld \- link-editor for object files
  11 .SH SYNOPSIS
  12 .LP
  13 .nf
  14 \fBld\fR [\fB-32\fR | \fB-64\fR] [\fB-a\fR | \fB-r\fR] [\fB-b\fR] [\fB-B\fRdirect | nodirect]
  15 [\fB-B\fR dynamic | static] [\fB-B\fR eliminate] [\fB-B\fR group] [\fB-B\fR local]
  16 [\fB-B\fR reduce] [\fB-B\fR symbolic] [\fB-c\fR \fIname\fR] [\fB-C\fR] [\fB-d\fR y | n]
  17 [\fB-D\fR \fItoken\fR,...] [\fB-e\fR \fIepsym\fR] [\fB-f\fR \fIname\fR | \fB-F\fR \fIname\fR] [\fB-G\fR] [\fB-h\fR \fIname\fR]
  18 [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
  19 [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
  20 [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
  21 [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
  22 [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
  23 [\fB-z\fR aslr[=\fIstate\fR]] [\fB-z\fR assert-deflib] [ \fB-z\fR assert-deflib=\fIlibname\fR]
  24 [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
  25 [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
  26 [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
  27 [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
  28 [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]
  29 [\fB-z\fR ignore | record] [\fB-z\fR initarray=\fIfunction\fR] [\fB-z\fR initfirst]
  30 [\fB-z\fR interpose] [\fB-z\fR lazyload | nolazyload]
  31 [\fB-z\fR ld32=\fIarg1\fR,\fIarg2\fR,...] [\fB-z\fR ld64=\fIarg1\fR,\fIarg2\fR,...]
  32 [\fB-z\fR loadfltr] [\fB-z\fR muldefs] [\fB-z\fR nocompstrtab] [\fB-z\fR nodefaultlib]
  33 [\fB-z\fR nodelete] [\fB-z\fR nodlopen] [\fB-z\fR nodump] [\fB-z\fR noldynsym]
  34 [\fB-z\fR nopartial] [\fB-z\fR noversion] [\fB-z\fR now] [\fB-z\fR origin]
  35 [\fB-z\fR preinitarray=\fIfunction\fR] [\fB-z\fR redlocsym] [\fB-z\fR relaxreloc]
  36 [\fB-z\fR rescan-now] [\fB-z\fR recan] [\fB-z\fR rescan-start \fI\&...\fR \fB-z\fR rescan-end]]
  37 [\fB-z\fR target=sparc|x86] [\fB-z\fR text | textwarn | textoff]
  38 [\fB-z\fR verbose] [\fB-z\fR wrap=\fIsymbol\fR] \fIfilename\fR...
  39 .fi
  40 
  41 .SH DESCRIPTION
  42 .sp
  43 .LP

 828 .RE
 829 
 830 .sp
 831 .ne 2
 832 .na
 833 \fB\fB-z\fR \fBaltexec64\fR\fR
 834 .ad
 835 .sp .6
 836 .RS 4n
 837 Execute the 64-bit \fBld\fR. The creation of very large 32-bit objects can
 838 exhaust the virtual memory that is available to the 32-bit \fBld\fR. The
 839 \fB-z\fR \fBaltexec64\fR option can be used to force the use of the associated
 840 64-bit \fBld\fR. The 64-bit \fBld\fR provides a larger virtual address space
 841 for building 32-bit objects. See \fIThe 32-bit link-editor and 64-bit
 842 link-editor\fR in \fILinker and Libraries Guide\fR.
 843 .RE
 844 
 845 .sp
 846 .ne 2
 847 .na
 848 \fB-z\fR \fBaslr[=\fIstate\fR]\fR
 849 .ad
 850 .sp .6
 851 .RS 4n
 852 Specify whether the executable's address space should be randomized on
 853 execution.  If \fIstate\fR is "enabled" randomization will always occur when
 854 this executable is run (regardless of inherited settings).  If \fIstate\fR is
 855 "disabled" randomization will never occur when this executable is run.  If
 856 \fIstate\fR is omitted, ASLR is enabled.
 857 
 858 An executable that should simple use the settings inherited from its
 859 environment should not use this flag at all.
 860 .RE
 861 
 862 .sp
 863 .ne 2
 864 .na
 865 \fB\fB-z\fR \fBcombreloc\fR | \fBnocombreloc\fR\fR
 866 .ad
 867 .sp .6
 868 .RS 4n
 869 By default, \fBld\fR combines multiple relocation sections when building
 870 executables or shared objects. This section combination differs from
 871 relocatable objects, in which relocation sections are maintained in a
 872 one-to-one relationship with the sections to which the relocations must be
 873 applied. The \fB-z\fR \fBnocombreloc\fR option disables this merging of
 874 relocation sections, and preserves the one-to-one relationship found in the
 875 original relocatable objects.
 876 .sp
 877 \fBld\fR sorts the entries of data relocation sections by their symbol
 878 reference. This sorting reduces runtime symbol lookup. When multiple relocation
 879 sections are combined, this sorting produces the least possible relocation
 880 overhead when objects are loaded into memory, and speeds the runtime loading of
 881 dynamic objects.
 882 .sp
 883 Historically, the individual relocation sections were carried over to any
 884 executable or shared object, and the \fB-z\fR \fBcombreloc\fR option was