Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -3,11 +3,11 @@
 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved
 .\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH LD 1 "Sep 10, 2013"
+.TH LD 1 "Jun 6, 2016"
 .SH NAME
 ld \- link-editor for object files
 .SH SYNOPSIS
 .LP
 .nf

@@ -18,11 +18,11 @@
 [\fB-i\fR] [\fB-I\fR \fIname\fR] [\fB-l\fR \fIx\fR] [\fB-L\fR \fIpath\fR] [\fB-m\fR] [\fB-M\fR \fImapfile\fR]
 [\fB-N\fR \fIstring\fR] [\fB-o\fR \fIoutfile\fR] [\fB-p\fR \fIauditlib\fR] [\fB-P\fR \fIauditlib\fR]
 [\fB-Q\fR y | n] [\fB-R\fR \fIpath\fR] [\fB-s\fR] [\fB-S\fR \fIsupportlib\fR] [\fB-t\fR]
 [\fB-u\fR \fIsymname\fR] [\fB-V\fR] [\fB-Y P\fR\fI,dirlist\fR] [\fB-z\fR absexec]
 [\fB-z\fR allextract | defaultextract | weakextract ] [\fB-z\fR altexec64]
-[\fB-z\fR assert-deflib ] [ \fB-z\fR assert-deflib=\fIlibname\fR ]
+[\fB-z\fR aslr[=\fIstate\fR]] [\fB-z\fR assert-deflib] [ \fB-z\fR assert-deflib=\fIlibname\fR]
 [\fB-z\fR combreloc | nocombreloc ] [\fB-z\fR defs | nodefs]
 [\fB-z\fR direct | nodirect] [\fB-z\fR endfiltee]
 [\fB-z\fR fatal-warnings | nofatal-warnings ] [\fB-z\fR finiarray=\fIfunction\fR]
 [\fB-z\fR globalaudit] [\fB-z\fR groupperm | nogroupperm] 
 [\fB-z\fR guidance[=\fIid1\fR,\fIid2\fR...] [\fB-z\fR help ]

@@ -37,11 +37,10 @@
 [\fB-z\fR target=sparc|x86] [\fB-z\fR text | textwarn | textoff]
 [\fB-z\fR verbose] [\fB-z\fR wrap=\fIsymbol\fR] \fIfilename\fR...
 .fi
 
 .SH DESCRIPTION
-.sp
 .LP
 The link-editor, \fBld\fR, combines relocatable object files by resolving
 symbol references to symbol definitions, together with performing relocations.
 \fBld\fR operates in two modes, static or dynamic, as governed by the \fB-d\fR
 option. In all cases, the output of \fBld\fR is left in the file \fBa.out\fR by

@@ -102,11 +101,10 @@
 operate. The mixing of 32-bit objects and 64-bit objects is not permitted.
 Similarly, only objects of a single machine type are allowed. See the
 \fB-32\fR, \fB-64\fR and \fB-z target\fR options, and the \fBLD_NOEXEC_64\fR
 environment variable.
 .SS "Static Executables"
-.sp
 .LP
 The creation of static executables has been discouraged for many releases. In
 fact, 64-bit system archive libraries have never been provided. Because a
 static executable is built against system archive libraries, the executable
 contains system implementation details. This self-containment has a number of

@@ -138,11 +136,10 @@
 Without these libraries, specifically \fBlibc.a\fR, the creation of static
 executables is no longer achievable without specialized system knowledge.
 However, the capability of \fBld\fR to process static linking options, and the
 processing of archive libraries, remains unchanged.
 .SH OPTIONS
-.sp
 .LP
 The following options are supported.
 .sp
 .ne 2
 .na

@@ -843,10 +840,27 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB-z\fR \fBaslr[=\fIstate\fR]\fR
+.ad
+.sp .6
+.RS 4n
+Specify whether the executable's address space should be randomized on
+execution.  If \fIstate\fR is "enabled" randomization will always occur when
+this executable is run (regardless of inherited settings).  If \fIstate\fR is
+"disabled" randomization will never occur when this executable is run.  If
+\fIstate\fR is omitted, ASLR is enabled.
+
+An executable that should simply use the settings inherited from its
+environment should not use this flag at all.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fB-z\fR \fBcombreloc\fR | \fBnocombreloc\fR\fR
 .ad
 .sp .6
 .RS 4n
 By default, \fBld\fR combines multiple relocation sections when building

@@ -1627,11 +1641,10 @@
 that operation for the link-editor to carry out, and prevent the wrap from
 occurring.
 .RE
 
 .SH ENVIRONMENT VARIABLES
-.sp
 .ne 2
 .na
 \fB\fBLD_ALTEXEC\fR\fR
 .ad
 .sp .6

@@ -1756,11 +1769,10 @@
 .LP
 Notice that environment variable-names that begin with the
 characters '\fBLD_\fR' are reserved for possible future enhancements to \fBld\fR and
 \fBld.so.1\fR(1).
 .SH FILES
-.sp
 .ne 2
 .na
 \fB\fBlib\fIx\fR.so\fR\fR
 .ad
 .RS 15n

@@ -1806,11 +1818,10 @@
 link-editing. These \fBmapfiles\fR provide various capabilities, such as
 defining memory layouts, aligning bss, and defining non-executable stacks.
 .RE
 
 .SH ATTRIBUTES
-.sp
 .LP
 See \fBattributes\fR(5) for descriptions of the following attributes:
 .sp
 
 .sp

@@ -1822,21 +1833,19 @@
 _
 Interface Stability     Committed
 .TE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBas\fR(1), \fBcrle\fR(1), \fBgprof\fR(1), \fBld.so.1\fR(1), \fBldd\fR(1),
 \fBmcs\fR(1), \fBpvs\fR(1), \fBexec\fR(2), \fBstat\fR(2), \fBdlopen\fR(3C),
 \fBdldump\fR(3C), \fBelf\fR(3ELF), \fBar.h\fR(3HEAD), \fBa.out\fR(4),
 \fBattributes\fR(5)
 .sp
 .LP
 \fILinker and Libraries Guide\fR
 .SH NOTES
-.sp
 .LP
 Default options applied by \fBld\fR are maintained for historic reasons. In
 today's programming environment, where dynamic objects dominate, alternative
 defaults would often make more sense. However, historic defaults must be
 maintained to ensure compatibility with existing program development