In article <[email protected]>,
Christos Zoulas <[email protected]> wrote:
In more detail:
1. MKPIE is now on, creating PIE binaries; this is done in bsd.own.mk.
You can turn it by putting MKPIE=no in /etc/mk.conf.
2. The value of the sysctl security.pax.aslr.global has been set to 1.
This means that by default all binaries are ran with ASLR on.
(securiry.pax.aslr.enabled was already == 1).
Sysctls of interest:
security.pax.aslr.enabled: Enable/disable ASLR for everyone
security.pax.aslr.global: Enable/disable ASLR default (you can
override this on individual binaries
via ELF notes)
security.pax.aslr.debug: Enable/Disable printing of ASLR address
handling.
security.pax.aslr.flags: Bits set to 1 disable ASLR more granularly
Turning bit 0 on disables stack randomization
Turning bit 1 on disables mmap randomization
christos
