Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 13,23 **** [-i] [-I name] [-l x] [-L path] [-m] [-M mapfile] [-N string] [-o outfile] [-p auditlib] [-P auditlib] [-Q y | n] [-R path] [-s] [-S supportlib] [-t] [-u symname] [-V] [-Y P,dirlist] [-z absexec] [-z allextract | defaultextract | weakextract ] [-z altexec64] ! [-z assert-deflib ] [ -z assert-deflib=libname ] [-z combreloc | nocombreloc ] [-z defs | nodefs] [-z direct | nodirect] [-z endfiltee] [-z fatal-warnings | nofatal-warnings ] [-z finiarray=function] [-z globalaudit] [-z groupperm | nogroupperm] [-z guidance[=id1,id2...] [-z help ] --- 13,23 ---- [-i] [-I name] [-l x] [-L path] [-m] [-M mapfile] [-N string] [-o outfile] [-p auditlib] [-P auditlib] [-Q y | n] [-R path] [-s] [-S supportlib] [-t] [-u symname] [-V] [-Y P,dirlist] [-z absexec] [-z allextract | defaultextract | weakextract ] [-z altexec64] ! [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname] [-z combreloc | nocombreloc ] [-z defs | nodefs] [-z direct | nodirect] [-z endfiltee] [-z fatal-warnings | nofatal-warnings ] [-z finiarray=function] [-z globalaudit] [-z groupperm | nogroupperm] [-z guidance[=id1,id2...] [-z help ]
*** 594,603 **** --- 594,615 ---- associated 64-bit ld. The 64-bit ld provides a larger virtual address space for building 32-bit objects. See The 32-bit link- editor and 64-bit link-editor in Linker and Libraries Guide. + -z aslr[=state] + + Specify whether the executable's address space should be randomized + on execution. If state is "enabled" randomization will always + occur when this executable is run (regardless of inherited + settings). If state is "disabled" randomization will never occur + when this executable is run. If state is omitted, ASLR is enabled. + + An executable that should simply use the settings inherited from + its environment should not use this flag at all. + + -z combreloc | nocombreloc By default, ld combines multiple relocation sections when building executables or shared objects. This section combination differs from relocatable objects, in which relocation sections are
*** 1308,1313 **** links to linker output files should explicitly remove and relink the other file names. ! September 10, 2013 LD(1) --- 1320,1325 ---- links to linker output files should explicitly remove and relink the other file names. ! June 6, 2016 LD(1)
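
Review bot: In the synopsis hunk (13,23), the whitespace cleanup on the changed line is incomplete. `[-z assert-deflib ]` loses its trailing space, but `[ -z assert-deflib=libname]` still has a space after the opening bracket. Suggest `[-z assert-deflib=libname]` so it matches the surrounding entries, or leave the assert-deflib entries untouched so that the line only adds `[-z aslr[=state]]`.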
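
Review bot: In the new `-z aslr[=state]` description (594,615), the text covers "enabled", "disabled" and the omitted state, but does not say what ld does with any other value. Please state whether an unrecognized state is a fatal error or is ignored, since a misspelled value that is silently accepted would leave the executable on inherited settings without the builder noticing. The paragraph also switches from "randomized" to "ASLR" in "If state is omitted, ASLR is enabled." without expanding the term, and "inherited settings" would be easier to follow with a pointer to the secflags documentation that 7029 introduces.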