Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man1/ld.1.man.txt
          +++ new/usr/src/man/man1/ld.1.man.txt
↓ open down ↓ 7 lines elided ↑ open up ↑
   8    8  SYNOPSIS
   9    9         ld [-32 | -64] [-a | -r] [-b] [-Bdirect | nodirect]
  10   10         [-B dynamic | static] [-B eliminate] [-B group] [-B local]
  11   11         [-B reduce] [-B symbolic] [-c name] [-C] [-d y | n]
  12   12         [-D token,...] [-e epsym] [-f name | -F name] [-G] [-h name]
  13   13         [-i] [-I name] [-l x] [-L path] [-m] [-M mapfile]
  14   14         [-N string] [-o outfile] [-p auditlib] [-P auditlib]
  15   15         [-Q y | n] [-R path] [-s] [-S supportlib] [-t]
  16   16         [-u symname] [-V] [-Y P,dirlist] [-z absexec]
  17   17         [-z allextract | defaultextract | weakextract ] [-z altexec64]
  18      -       [-z assert-deflib ] [ -z assert-deflib=libname ]
       18 +       [-z aslr[=state]] [-z assert-deflib] [ -z assert-deflib=libname]
  19   19         [-z combreloc | nocombreloc ] [-z defs | nodefs]
  20   20         [-z direct | nodirect] [-z endfiltee]
  21   21         [-z fatal-warnings | nofatal-warnings ] [-z finiarray=function]
  22   22         [-z globalaudit] [-z groupperm | nogroupperm]
  23   23         [-z guidance[=id1,id2...] [-z help ]
  24   24         [-z ignore | record] [-z initarray=function] [-z initfirst]
  25   25         [-z interpose] [-z lazyload | nolazyload]
  26   26         [-z ld32=arg1,arg2,...] [-z ld64=arg1,arg2,...]
  27   27         [-z loadfltr] [-z muldefs] [-z nocompstrtab] [-z nodefaultlib]
  28   28         [-z nodelete] [-z nodlopen] [-z nodump] [-z noldynsym]
↓ open down ↓ 560 lines elided ↑ open up ↑
 589  589         -z altexec64
 590  590  
 591  591             Execute the 64-bit ld. The creation of very large 32-bit objects
 592  592             can exhaust the virtual memory that is available to the 32-bit ld.
 593  593             The -z altexec64 option can be used to force the use of the
 594  594             associated 64-bit ld. The 64-bit ld provides a larger virtual
 595  595             address space for building 32-bit objects. See The 32-bit link-
 596  596             editor and 64-bit link-editor in Linker and Libraries Guide.
 597  597  
 598  598  
      599 +       -z aslr[=state]
      600 +
      601 +           Specify whether the executable's address space should be randomized
      602 +           on execution.  If state is "enabled" randomization will always
      603 +           occur when this executable is run (regardless of inherited
      604 +           settings).  If state is "disabled" randomization will never occur
      605 +           when this executable is run.  If state is omitted, ASLR is enabled.
      606 +
      607 +           An executable that should simply use the settings inherited from
      608 +           its environment should not use this flag at all.
      609 +
      610 +
 599  611         -z combreloc | nocombreloc
 600  612  
 601  613             By default, ld combines multiple relocation sections when building
 602  614             executables or shared objects. This section combination differs
 603  615             from relocatable objects, in which relocation sections are
 604  616             maintained in a one-to-one relationship with the sections to which
 605  617             the relocations must be applied. The -z nocombreloc option disables
 606  618             this merging of relocation sections, and preserves the one-to-one
 607  619             relationship found in the original relocatable objects.
 608  620  
↓ open down ↓ 705 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX