Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -13,11 +13,11 @@
[-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
[-N string] [-o outfile] [-p auditlib] [-P auditlib]
[-Q y | n] [-R path] [-s] [-S supportlib] [-t]
[-u symname] [-V] [-Y P,dirlist] [-z absexec]
[-z allextract | defaultextract | weakextract ] [-z altexec64]
- [-z assert-deflib ] [ -z assert-deflib=libname ]
+ [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname]
[-z combreloc | nocombreloc ] [-z defs | nodefs]
[-z direct | nodirect] [-z endfiltee]
[-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
[-z globalaudit] [-z groupperm | nogroupperm]
[-z guidance[=id1,id2...] [-z help ]
@@ -594,10 +594,22 @@
associated 64-bit ld. The 64-bit ld provides a larger virtual
address space for building 32-bit objects. See The 32-bit link-
editor and 64-bit link-editor in Linker and Libraries Guide.
+ -z aslr[=state]
+
+ Specify whether the executable's address space should be randomized
+ on execution. If state is "enabled" randomization will always
+ occur when this executable is run (regardless of inherited
+ settings). If state is "disabled" randomization will never occur
+ when this executable is run. If state is omitted, ASLR is enabled.
+
+ An executable that should simply use the settings inherited from
+ its environment should not use this flag at all.
+
+
-z combreloc | nocombreloc
By default, ld combines multiple relocation sections when building
executables or shared objects. This section combination differs
from relocatable objects, in which relocation sections are
@@ -1308,6 +1320,6 @@
links to linker output files should explicitly remove and relink the
other file names.
- September 10, 2013 LD(1)
+ June 6, 2016 LD(1)