ASLR is a feature of the Oracle Solaris system that randomizes the starting address of key portions of the process address space such as stack, libraries, and brk-based heap. By default, ASLR is enabled for binaries explicitly tagged to request ASLR. The following command provides information about the status of ASLR:
% sxadm info
EXTENSION           STATUS                   CONFIGURATION
aslr                enable (tagged-files)    enable (tagged-files)
The -z option to the ld(1) command is used to tag a newly created object with an ASLR requirement. The usage is as shown below:
ld -z aslr[=mode]
where mode can be set to enable or disable. If mode is not specified, enable is assumed.
The following example demonstrates the use of the -z option to create an executable with ASLR enabled:
% cat hello.c
#include <stdio.h>
int
main(int argc, char **argv)
{
        (void) printf("Hello World!\n");
        return (0);
}
% cc hello.c -z aslr
ASLR tagging is provided by an entry in the object's dynamic section, which can be inspected with elfdump(1).
% elfdump -d a.out | grep ASLR
[28] SUNW_ASLR 0x2 ENABLE
The elfedit(1) command can be used to add or modify the ASLR dynamic entry in an existing object.
% cc hello.c
% elfedit -e 'dyn:sunw_aslr enable' a.out
% elfdump -d a.out | grep ASLR
[29] SUNW_ASLR 0x2 ENABLE
% elfedit -e 'dyn:sunw_aslr disable' a.out
% elfdump -d a.out | grep ASLR
[29] SUNW_ASLR 0x1 DISABLE
The ASLR requirements for a given process are established at process startup, and cannot be modified once the process has started. For this reason, the ASLR tagging is only meaningful for the primary executable object in the process.
The pmap(1) utility can be used to examine the address mappings for a process. When used to observe the mappings for an executable which has ASLR enabled, the specific addresses used for the stack, library mappings, and the brk-based heap will differ for every invocation.
The sxadm(1) command is used to control the default ASLR behavior for the system. Binaries that are explicitly tagged to disable ASLR take precedence over the system default behavior established by sxadm.
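The following script is an added example, not part of the Oracle documentation. It classifies the SUNW_ASLR entry in elfdump -d output for each file given and reports whether the process would be randomized under the tagged-files default shown by sxadm info above. The function names are hypothetical, and it assumes that elfdump exits non-zero for files it cannot read as ELF objects.

```shell
#!/bin/sh
# Added example: audit ASLR tagging with elfdump(1). Function names are
# hypothetical; only `elfdump -d` and the SUNW_ASLR entry come from the page.

# Read `elfdump -d` output on stdin; print enable, disable or untagged.
aslr_tag() {
    tag=untagged
    while read -r line || [ -n "$line" ]; do
        case $line in
            *SUNW_ASLR*DISABLE*) tag=disable ;;
            *SUNW_ASLR*ENABLE*)  tag=enable ;;
        esac
    done
    printf '%s\n' "$tag"
}

# Map a tag to the startup result under the "tagged-files" default:
# only binaries tagged enable are randomized; a disable tag always wins.
effective() {
    case $1 in
        enable) echo randomized ;;
        *)      echo not-randomized ;;
    esac
}

# Report every ELF file given; return 1 if any would start unrandomized.
# Assumption: elfdump exits non-zero on files that are not ELF objects.
audit_aslr() {
    rc=0
    for f in "$@"; do
        dump=$(elfdump -d "$f" 2>/dev/null) || continue
        tag=$(printf '%s\n' "$dump" | aslr_tag)
        result=$(effective "$tag")
        [ "$result" = randomized ] || rc=1
        printf '%-9s %-15s %s\n' "$tag" "$result" "$f"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_aslr "$@"
else
    # Constructed sample: the SUNW_ASLR line in the form shown on this page.
    printf '[28] SUNW_ASLR 0x2 ENABLE\n' | aslr_tag
fi
```

Because the tag is only meaningful for the primary executable of a process, run the script against executables rather than shared libraries.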
Address Space Randomization may be problematic during debugging. Some debugging situations require that repeated invocations of the program use the same address mappings. You can temporarily disable ASLR in one of the following ways:
Temporarily disable ASLR system wide
% sxadm exec -s aslr=disable /bin/bash
Use the ld or elfedit command to tag the associated binary to disable ASLR
Establish an ASLR disabled shell in which to carry out debugging
% sxadm exec -s aslr=disable /bin/bash
See the sxadm(1M) man page and Chapter 2, Configuring Oracle Solaris Security, in Oracle Solaris 11 Security Guidelines for more information.