Go to main content

Securing Systems and Attached Devices in Oracle® Solaris 11.4

Exit Print View

Updated: July 2019
 
 

Specifying Per-Object Security Extensions

Administrators can use the ld -z command to specify per-object security extensions. In this release, a revised command option provides a consistent method for specifying various security extensions as follows:

ld -z sx=extension[mode],...

Replace the extension variable with the name of a security extension. Replace the mode variable with either enable or disable. If the mode is omitted, the extension is enabled. You can specify the following security extensions:

aslr

Specifies the Address Space Layout Randomization behavior for a process.

nxheap

Specifies a non-executable heap requirement for a process.

nxstack

Specifies a non-executable stack requirement for a process.

adiheap

Specifies an Application Data Integrity (ADI) requirement for memory allocators within a process.

adistack

Specifies an Application Data Integrity (ADI) stack protection requirement for a process.

See this option used in Example 3, Compiling an Application With adistack Enabled. For further information, see the ld(1) man page and Oracle Solaris 11.4 Linkers and Libraries Guide.