D27666.id82838.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D27666.id82838.diff
View Options

	diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
	--- a/sys/kern/imgact_elf.c
	+++ b/sys/kern/imgact_elf.c
	@@ -162,19 +162,43 @@
	"");
	#define ASLR_NODE_OID __CONCAT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), _aslr)

	+/*
	+ * While for 64 bit machines ASLR is working properly, there are
	+ * still some problems when using 32 bit architectures. For this
	+ * reason ASLR is only enabled by default when running native
	+ * 64 bit programs.
	+ */
	+#if __ELF_WORD_SIZE == 64
	+static int __elfN(aslr_enabled) = 1;
	+#else
	static int __elfN(aslr_enabled) = 0;
	+#endif
	SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, enable, CTLFLAG_RWTUN,
	&__elfN(aslr_enabled), 0,
	__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
	": enable address map randomization");

	+#if __ELF_WORD_SIZE == 64
	+static int __elfN(pie_aslr_enabled) = 1;
	+#else
	static int __elfN(pie_aslr_enabled) = 0;
	+#endif
	SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, pie_enable, CTLFLAG_RWTUN,
	&__elfN(pie_aslr_enabled), 0,
	__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
	": enable address map randomization for PIE binaries");

	+/*
	+ * With this disabled the bss grow region can also be used for ASLR.
	+ *
	+ * Sbrk is now deprecated and it can be assumed, that in most
	+ * cases it will not be used anyway.
	+ */
	+#if __ELF_WORD_SIZE == 64
	+static int __elfN(aslr_honor_sbrk) = 0;
	+#else
	static int __elfN(aslr_honor_sbrk) = 1;
	+#endif
	SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, honor_sbrk, CTLFLAG_RW,
	&__elfN(aslr_honor_sbrk), 0,
	__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used");