How to Verify That ASLR Is Enabled - Oracle® Solaris 11 Security Guidelines

Oracle^® Solaris 11 Security Guidelines

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Oracle^® Solaris 11 Security ... » Configuring Oracle Solaris Security » Initially Securing the System » How to Verify That ASLR Is Enabled

Updated: August 2014

Oracle^® Solaris 11 Security Guidelines

Document Information

Using This Documentation

Chapter 1 About Oracle Solaris Security

Chapter 2 Configuring Oracle Solaris Security

Installing the Oracle Solaris OS

Initially Securing the System

How to Verify Your Packages

How to Verify That ASLR Is Enabled

How to Disable Unneeded Services

How to Remove Power Management Capability From Users

How to Place a Security Message in Banner Files

How to Set Stronger Password Constraints

How to Set Account Locking for Regular Users

How to Set a More Restrictive umask Value for Regular Users

How to Audit Significant Events in Addition to Login/Logout

How to Remove Unneeded Basic Privileges From Users

Protecting the Network

How to Use TCP Wrappers

Protecting File Systems

How to Limit the Size of the tmpfs File System

Protecting and Modifying Files

Securing System Access and Use

Protecting a Legacy Service With SMF

Configuring a Kerberos Network

Adding Labeled Multilevel Security

Configuring Trusted Extensions

Configuring Labeled IPsec

Chapter 3 Maintaining and Monitoring Oracle Solaris Security

Appendix A Bibliography for Oracle Solaris Security

Language:

How to Verify That ASLR Is Enabled

By default, executable instructions that are tagged are written to unconnected address spaces to reduce the ability of intruders to inject instructions on the executable stack.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Verify that ASLR is enabled.
```
# sxadm info
EXTENSION        STATUS                   CONFIGURATION            
aslr             enabled (all)            enabled (all)
```
The value all is stronger than the default, and could result in errors in applications that rely on a consecutive stack in memory. For example, databases might rely on a consecutive stack in memory.

If ASLR is disabled, enable the default value and verify that it is in effect.

# sxadm delcust aslr
# sxadm info
EXTENSION        STATUS                   CONFIGURATION            
aslr             enabled (tagged-files)   system default (default)

See also

For debugging purposes, you can turn off ASLR by calling the sxadm command on a particular binary. For examples, see the sxadm(1M) man page.

Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices