Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -938,11 +938,10 @@
/* Minimum size of assert-deflib=lib%s.so */
mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE +
MSG_STR_SOEXT_SIZE;
if (olen > MSG_ARG_ASSDEFLIB_SIZE) {
if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') {
- ld_eprintf(ofl, ERR_FATAL, "Missing =\n");
ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL),
MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg);
return (TRUE);
}
@@ -1435,10 +1434,36 @@
} else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP),
MSG_ARG_WRAP_SIZE) == 0) {
if (ld_wrap_enter(ofl,
optarg + MSG_ARG_WRAP_SIZE) == NULL)
return (S_ERROR);
+ } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_ASLR),
+ MSG_ARG_ASLR_SIZE) == 0) {
+ char *p = optarg + MSG_ARG_ASLR_SIZE;
+ if (*p == '\0') {
+ ofl->ofl_aslr = 1;
+ } else if (*p == '=') {
+ p++;
+
+ if (strcmp(p,
+ MSG_ORIG(MSG_ARG_ENABLED)) == 0) {
+ ofl->ofl_aslr = 1;
+ } else if (strcmp(p,
+ MSG_ORIG(MSG_ARG_DISABLED)) == 0) {
+ ofl->ofl_aslr = -1;
+ } else {
+ ld_eprintf(ofl, ERR_FATAL,
+ MSG_INTL(MSG_ARG_ILLEGAL),
+ MSG_ORIG(MSG_ARG_ZASLR), p);
+ return (S_ERROR);
+ }
+ } else {
+ ld_eprintf(ofl, ERR_FATAL,
+ MSG_INTL(MSG_ARG_ILLEGAL),
+ MSG_ORIG(MSG_ARG_Z), optarg);
+ return (S_ERROR);
+ }
} else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE),
MSG_ARG_GUIDE_SIZE) == 0) &&
((optarg[MSG_ARG_GUIDE_SIZE] == '=') ||
(optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) {
if (!guidance_parse(ofl, optarg))