Requesting Security Extensions

Security extensions provide system-level and process level security, and are managed by the sxadm(8) utility.

Individual executables can be tagged with security extension requirements using the link-editor's -z sx option. This option provides per-object control of the ASLR, NXHEAP, NXSTACK, ADIHEAP and ADISTACK security extensions. See sxadm(8) and ld(1) for a full description of each security extension.

The extensions that have been recorded in an executable can be displayed with elfdump(1).

$ elfdump -d prog | grep SUNW_SX
    [33]  SUNW_SX_ASLR     0x2        ENABLE
    [34]  SUNW_SX_NXHEAP   0x2        ENABLE
    [35]  SUNW_SX_NXSTACK  0x2        ENABLE

The elfedit(1) dyn:sunw_sx command allows simplified editing of the associated DT_SUNW_SX_ASLR, DT_SUNW_SX_NXHEAP, DT_SUNW_SX_NXSTACK, DT_SUNW_SX_ADIHEAP and DT_SUNW_SX_ADISTACK dynamic section entries. See the DT_SUNW_SX tags under Dynamic Section.