Securing Systems and Attached Devices in Oracle® Solaris 11.2


Updated: September 2014
 
 

Address Space Layout Randomization

Oracle Solaris tags many of its userland binaries to enable address space layout randomization (ASLR). ASLR randomizes the starting address of key parts of an address space. This security defense mechanism can cause Return Oriented Programming (ROP) attacks to fail when they try to exploit software vulnerabilities.

Zones inherit this randomized layout for their processes. Because the use of ASLR might not be optimal for all binaries, the use of ASLR is configurable at the zone level and at the binary level.

The three ASLR configurations are:

  • Disabled – ASLR is disabled for all binaries.

  • Tagged binaries – ASLR is controlled by the tag that is coded in the binaries.

    The default Oracle Solaris value for ASLR is tagged-binaries. Many binaries in the Oracle Solaris release are tagged to use ASLR.

  • Enabled – ASLR is enabled for all binaries, except for those that are explicitly tagged to disable it.
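The following sketch is an added example, not part of the Oracle documentation. It models how the three configurations combine with a binary's tag so that an administrator can see which binaries would run without ASLR under each setting. The mode and tag labels, the inventory paths, and the rule that an untagged binary gets no ASLR in tagged-binaries mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: models the three ASLR configurations described above.
# Tag labels (enabled/disabled/untagged) and the inventory are constructed.

# aslr_effective MODE TAG -> prints "on" or "off"
aslr_effective() {
    mode=$1
    tag=$2
    case "$mode" in
        disabled)
            # ASLR is off for every binary, whatever its tag says.
            echo off ;;
        tagged-binaries)
            # Only the tag decides. Assumption: no tag means no ASLR.
            if [ "$tag" = enabled ]; then echo on; else echo off; fi ;;
        enabled)
            # Everything is randomized unless explicitly tagged to disable.
            if [ "$tag" = disabled ]; then echo off; else echo on; fi ;;
        *)
            echo "unknown mode: $mode" >&2
            return 2 ;;
    esac
}

# Constructed inventory, one "<path> <tag>" pair per line (hypothetical paths).
INVENTORY='/opt/example/bin/netsvc enabled
/opt/example/bin/reportd untagged
/opt/example/legacy/app disabled'

# unprotected MODE -> prints the paths that would run without ASLR
unprotected() {
    printf '%s\n' "$INVENTORY" | while read -r bin tag; do
        if [ "$(aslr_effective "$1" "$tag")" = off ]; then
            echo "$bin"
        fi
    done
}

# Report for each configuration when the script is run directly.
for m in disabled tagged-binaries enabled; do
    echo "== $m: binaries without ASLR"
    unprotected "$m"
done
```

Under the default tagged-binaries setting the untagged and disable-tagged entries are listed; switching the model to enabled leaves only the binary that explicitly opts out.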

The sxadm command is used to configure ASLR. You must assume the root role to run this command. For examples and information, see the sxadm(1M) man page. For developer information, see Developer’s Guide to Oracle Solaris 11 Security.