Specifying Per-Object Security Extensions
Administrators can use the ld -z
command to specify per-object security extensions. In this release, a revised command option provides a consistent method for specifying various security extensions as follows:
ld -z sx=extension[mode],...
Replace the extension variable with the name of a security extension. Replace the mode variable with either enable
or disable
. If the mode is omitted, the extension is enabled. You can specify the following security extensions:
-
aslr
-
Specifies the Address Space Layout Randomization behavior for a process.
-
nxheap
-
Specifies a non-executable heap requirement for a process.
-
nxstack
-
Specifies a non-executable stack requirement for a process.
-
adiheap
-
Specifies an Application Data Integrity (ADI) requirement for memory allocators within a process.
-
adistack
-
Specifies an Application Data Integrity (ADI) stack protection requirement for a process.
See this option used in Compiling an Application With adistack Enabled. For further information, see the
ld
(1) man page and Oracle Solaris 11.4 Linkers and Libraries Guide.