Enabling Inheritance of Security Extension Status
The -i option to the sxadm exec command enables or disables the inheritance of a security extension's configuration.
Example 2-4 Illustrating Security Extension Inheritance
This example illustrates inheriting and not inheriting the configuration of the ASLR security extension.
- Disable ASLR only for this shell.

    # sxadm exec -s aslr=disable /bin/bash

- Verify the randomized heap address from this shell.

  The repeated pmap self command from this shell shows a randomized heap address, because without the -i option the pmap child processes do not inherit the shell's disabled ASLR setting.

    # pmap self | grep heap
    00000054BF32E000 8K rw---i- [ heap ]
    00000054BF330000 64K rw---i- [ heap ]
    # pmap self | grep heap
    0000005B50708000 32K rw---i- [ heap ]
    # pmap self | grep heap
    000000A48D30E000 8K rw---i- [ heap ]
    000000A48D310000 64K rw---i- [ heap ]

- Run a shell with ASLR disabled for the shell and any descendant by using the -i option.

    # sxadm exec -i -s aslr=disable /bin/bash

- The repeated pmap self command from this shell shows a constant heap address with ASLR disabled:

    # pmap self | grep heap
    0000000080000000 64K rw---i- [ heap ]
    # pmap self | grep heap
    0000000080000000 64K rw---i- [ heap ]
    # pmap self | grep heap
    0000000080000000 64K rw---i- [ heap ]
Example 2-5 Determining Whether a Binary is Protected by a Security Extension
You can use the elfdump -d command to determine whether a particular binary is compiled with security extensions. The security extensions must be enabled on the system for the binary to be protected. The following output indicates the extensions that are enabled, disabled, and not supported on this hardware:
    $ sxadm status
    EXTENSION    STATUS                     FLAGS
    adiheap      enabled (tagged-files)     u-c--
    adistack     enabled (tagged-files)     u-c--
    aslr         enabled (tagged-files)     u-c--
    hw_bti       enabled                    ---r-
    hw_ssb       not supported              -----
    kadi         disabled                   -kcr-
    nxheap       enabled (tagged-files)     u-c--
    nxstack      enabled (all)              u-c--
The following output shows that the cat command and the ipsecconf command are protected by security extensions.

    $ elfdump -d /bin/cat | grep SUNW_SX
    [33] SUNW_SX_ASLR 0x2 ENABLE
    [34] SUNW_SX_NXHEAP 0x2 ENABLE
    [35] SUNW_SX_NXSTACK 0x2 ENABLE
    $ elfdump -d /usr/sbin/ipsecconf | grep SUNW_SX
    [35] SUNW_SX_ASLR 0x2 ENABLE
    [36] SUNW_SX_NXHEAP 0x2 ENABLE
    [37] SUNW_SX_NXSTACK 0x2 ENABLE
The following output shows that the userland binaries for DHCP and Secure Shell are protected by security extensions.
    $ elfdump -d /usr/sbin/dhcpagent | grep SUNW_SX
    [52] SUNW_SX_ASLR 0x2 ENABLE
    [53] SUNW_SX_NXHEAP 0x2 ENABLE
    [54] SUNW_SX_NXSTACK 0x2 ENABLE
    $ elfdump -d /usr/bin/ssh | grep SUNW_SX
    [43] SUNW_SX_ASLR 0x2 ENABLE
    [44] SUNW_SX_NXHEAP 0x2 ENABLE
    [45] SUNW_SX_NXSTACK 0x2 ENABLE
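
The check that Example 2-5 performs by eye, as an added shell example that is not part of the original documentation: it combines the system model reported by sxadm status with a binary's SUNW_SX tags. It assumes that enabled (tagged-files) covers only binaries tagged ENABLE and that enabled (all) also covers untagged binaries; the function names and the trimmed sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a binary is protected by combining the
# system-wide model from `sxadm status` with the binary's SUNW_SX tags.

# Constructed samples, trimmed from the listings on this page.
SXADM_SAMPLE='EXTENSION STATUS FLAGS
aslr enabled (tagged-files) u-c--
kadi disabled -kcr-
nxheap enabled (tagged-files) u-c--
nxstack enabled (all) u-c--'
ELFDUMP_SAMPLE='[33] SUNW_SX_ASLR 0x2 ENABLE
[35] SUNW_SX_NXSTACK 0x2 ENABLE'   # constructed: NXHEAP tag left out

# system_model EXT SXADM_TEXT -> "all", "tagged-files" or "off"
system_model() {
    printf '%s\n' "$2" | while read -r name st model rest; do
        if [ "$name" = "$1" ]; then
            case "$st $model" in
                "enabled (all)")          echo all ;;
                "enabled (tagged-files)") echo tagged-files ;;
                *)                        echo off ;;
            esac
        fi
    done
}

# binary_tag EXT ELFDUMP_TEXT -> tag state such as "ENABLE", or "" if untagged
binary_tag() {
    want="SUNW_SX_$(printf '%s' "$1" | tr 'a-z' 'A-Z')"
    printf '%s\n' "$2" | while read -r idx tag val state rest; do
        if [ "$tag" = "$want" ]; then echo "$state"; fi
    done
}

# is_protected EXT SXADM_TEXT ELFDUMP_TEXT -> "yes" or "no"
# Assumption: any tag value other than ENABLE is treated as not protected.
is_protected() {
    case "$(system_model "$1" "$2"):$(binary_tag "$1" "$3")" in
        all:|all:ENABLE)     echo yes ;;
        tagged-files:ENABLE) echo yes ;;
        *)                   echo no ;;   # off, unknown extension, or untagged
    esac
}

# On a Solaris host, pass live output instead of the samples:
#   is_protected aslr "$(sxadm status)" "$(elfdump -d /bin/cat)"
for ext in aslr nxheap nxstack; do
    printf '%-8s %s\n' "$ext" "$(is_protected "$ext" "$SXADM_SAMPLE" "$ELFDUMP_SAMPLE")"
done
```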