Feature #7030
closed
want basic address space layout randomization (ASLR)
100%
Description
We should implement a security-flag (see #7029) which implements basic randomization of the heap, stack, and mapping base addresses. executable text randomization will require Position Independent Executables (PIE), which would be a future project.
In addition to the security-flag infrastructure, basic compatibly with Solaris is achievable via implementing the -z aslr flag to ld(1), to set the DT_SUNW_ASLR dynamic tag, which indicates a processes disposition to ASLR (if 1, always aslr, if 0, never aslr, if unset, default). This allows processes which are known to be negatively impacted by aslr to forbid it (should the security-flags configuration mandate aslr, these process will thus not run, however)
Related issues
Updated by Electric Monk almost 7 years ago
- Status changed from New to Closed
- % Done changed from 70 to 100
git commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da
commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da
Author: Richard Lowe <richlowe@richlowe.net>
Date: 2016-10-15T16:02:16.000Z
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Updated by Joshua M. Clulow over 4 years ago
- Related to Feature #7029: want per-process exploit mitigation features (secflags) added