Requesting Security Extensions
Security extensions provide
system-level and process level security, and are managed by the
sxadm
(8)
utility.
Individual executables can be
tagged with security extension requirements using the link-editor's
-z sx
option.
This option provides per-object control of the
ASLR, NXHEAP,
NXSTACK, ADIHEAP and
ADISTACK security extensions.
See
sxadm
(8) and
ld
(1)
for a full description of each security extension.
The extensions that have been recorded in an executable
can be displayed with
elfdump
(1).
$ elfdump -d prog | grep SUNW_SX
[33] SUNW_SX_ASLR 0x2 ENABLE
[34] SUNW_SX_NXHEAP 0x2 ENABLE
[35] SUNW_SX_NXSTACK 0x2 ENABLE
The
elfedit
(1)
dyn:sunw_sx
command allows simplified editing
of the associated DT_SUNW_SX_ASLR
,
DT_SUNW_SX_NXHEAP
,
DT_SUNW_SX_NXSTACK
,
DT_SUNW_SX_ADIHEAP
and
DT_SUNW_SX_ADISTACK
dynamic section
entries. See the DT_SUNW_SX
tags under
Dynamic Section.