1. Securing Systems and Attached Devices in Oracle Solaris 11.4
  2. Protecting Oracle Solaris System Integrity
  3. Protecting Against Malware With Security Extensions
  4. Randomizing the Layout of the Address Space

Randomizing the Layout of the Address Space

Oracle Solaris tags many of its userland binaries with the address space layout randomization (ASLR) security extension. ASLR randomizes the starting address of key parts of an address space. This security defense mechanism can cause Return Oriented Programming (ROP) attacks to fail when they try to exploit software vulnerabilities.

Zones inherit this randomized layout for their processes. Because ASLR might not be optimal for all binaries, its use is configurable at the zone level and at the binary level.

The default Oracle Solaris value for ASLR is tagged-binaries. Many binaries in Oracle Solaris are tagged to use ASLR.

You must assume the root role to run the sxadm command. For examples and information, see the sxadm(8) man page. For developer information, see Developer's Guide to Oracle Solaris 11.4 Security.