In article <20160410153633.1bb9817f...@rebar.astron.com>, Christos Zoulas <chris...@zoulas.com> wrote:
In more detail: 1. MKPIE is now on, creating PIE binaries; this is done in bsd.own.mk. You can turn it by putting MKPIE=no in /etc/mk.conf. 2. The value of the sysctl security.pax.aslr.global has been set to 1. This means that by default all binaries are ran with ASLR on. (securiry.pax.aslr.enabled was already == 1). Sysctls of interest: security.pax.aslr.enabled: Enable/disable ASLR for everyone security.pax.aslr.global: Enable/disable ASLR default (you can override this on individual binaries via ELF notes) security.pax.aslr.debug: Enable/Disable printing of ASLR address handling. security.pax.aslr.flags: Bits set to 1 disable ASLR more granularly Turning bit 0 on disables stack randomization Turning bit 1 on disables mmap randomization christos