Oracle Solaris tags many of its userland binaries with the address space layout randomization (ASLR) security extension. ASLR randomizes the starting address of key parts of an address space. This security defense mechanism can cause Return Oriented Programming (ROP) attacks to fail when they try to exploit software vulnerabilities.
Zones inherit this randomized layout for their processes. Because ASLR might not be optimal for all binaries, its use is configurable at the zone level and at the binary level.
The default Oracle Solaris value for ASLR is tagged-binaries. Many binaries in Oracle Solaris are tagged to use ASLR.
To determine whether a particular binary is tagged to use ASLR, use the elfdump -d command with the binary as the argument:
$ elfdump -d /usr/sbin/ipsecconf | grep SUNW_ ... [36] SUNW_ASLR 0x2 ENABLE [37] SUNW_NXHEAP 0x2 ENABLE [38] SUNW_NXSTACK 0x2 ENABLE
You must assume the root role to run the sxadm command. For examples and information, see the sxadm(1M) man page. For developer information, see Developer’s Guide to Oracle Solaris 11.3 Security.