-# $OpenBSD: rc,v 1.497 2017/05/29 10:24:06 florian Exp $
+# $OpenBSD: rc,v 1.498 2017/05/30 12:04:26 tb Exp $
# System startup script run by init on autoboot or after single-user.
# Output and error are redirected to console by init, and the console is the
# Re-link libraries, placing the objects in a random order.
reorder_libs() {
- local _l _liba _libas _tmpdir _remount=false _error=false
- local _dkdev=$(df /usr/lib | sed '1d;s/ .*//')
- local _mp=$(mount | grep "^$_dkdev")
+ local _dkdev _l _liba _libas _mp _tmpdir _remount=false _error=false
+
+ [[ $library_aslr == NO ]] && return
+
+ _dkdev=$(df /usr/lib | sed '1d;s/ .*//')
+ _mp=$(mount | grep "^$_dkdev")
# Skip if /usr/lib is on a nfs mounted filesystem.
[[ $_mp == *' type nfs '* ]] && return
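Review bot: The new `[[ $library_aslr == NO ]] && return` guard in reorder_libs has no comment, unlike the nfs guard a few lines below it, even though it switches off an exploit mitigation. I would add `# Skip if library randomization is disabled (library_aslr=NO in rc.conf(8)).` above it. The test is an exact match on `NO`, so any other value keeps re-linking enabled; that is the safe direction and worth stating in the comment. The function continues outside the hunk, so I cannot tell whether it prints progress; if it does, a one-line console message before the early return would make a disabled mitigation visible at boot.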
-# $OpenBSD: rc.conf,v 1.215 2017/05/30 08:58:34 florian Exp $
+# $OpenBSD: rc.conf,v 1.216 2017/05/30 12:04:26 tb Exp $
# DO NOT EDIT THIS FILE!!
#
# miscellaneous other flags
amd_master=/etc/amd/master # AMD 'master' map
+library_aslr=YES # set to NO to disable library randomization
savecore_flags= # "-z" to compress
spamd_black=NO # set to YES to run spamd without greylisting
shlib_dirs= # extra directories for ldconfig, separated
-# $OpenBSD: rc.subr,v 1.124 2017/05/28 18:51:27 ajacoutot Exp $
+# $OpenBSD: rc.subr,v 1.125 2017/05/30 12:04:26 tb Exp $
#
# Copyright (c) 2010, 2011, 2014-2017 Antoine Jacoutot <ajacoutot@openbsd.org>
# Copyright (c) 2010, 2011 Ingo Schwarze <schwarze@openbsd.org>
typeset -l _key
local _l _rcfile _val
set -A _allowed_keys -- \
- accounting amd_master check_quotas ipsec multicast nfs_server \
- pexp pf pkg_scripts shlib_dirs spamd_black
+ accounting amd_master check_quotas ipsec library_aslr \
+ multicast nfs_server pexp pf pkg_scripts shlib_dirs spamd_black
[ $# -gt 0 ] || set -- /etc/rc.conf /etc/rc.conf.local
for _rcfile; do
-.\" $OpenBSD: rc.conf.8,v 1.28 2015/12/05 21:35:46 jmc Exp $
+.\" $OpenBSD: rc.conf.8,v 1.29 2017/05/30 12:04:27 tb Exp $
.\"
.\" Copyright (c) 1997 Ian F. Darwin
.\" Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org>
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 5 2015 $
+.Dd $Mdocdate: May 30 2017 $
.Dt RC.CONF 8
.Os
.Sh NAME
rc calls:
.Xr ipsecctl 8
.Fl f Pa /etc/ipsec.conf
+.It Cm library_aslr
+rc reorders some libraries for improved protection against ROP.
.It Cm multicast
See
.Xr netstart 8 .
#!/bin/ksh
#
-# $OpenBSD: rcctl.sh,v 1.105 2016/09/07 13:13:13 ajacoutot Exp $
+# $OpenBSD: rcctl.sh,v 1.106 2017/05/30 12:04:27 tb Exp $
#
# Copyright (c) 2014, 2015 Antoine Jacoutot <ajacoutot@openbsd.org>
# Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org>
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-_special_svcs="accounting check_quotas ipsec multicast pf spamd_black"
+_special_svcs="accounting check_quotas ipsec library_aslr multicast pf
+ spamd_black"
readonly _special_svcs
# get local functions from rc.subr(8)
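Review bot: The wrapped `_special_svcs` assignment now embeds a newline and the continuation line's indentation inside the quoted string, between `pf` and `spamd_black`. That is harmless wherever the variable is expanded unquoted, but a consumer outside this hunk that matches names against the quoted value with space delimiters would no longer find `pf` or `spamd_black`. I would keep the value single-spaced by building it in two steps: `_special_svcs="accounting check_quotas ipsec library_aslr multicast pf"` followed by `_special_svcs="$_special_svcs spamd_black"`. Since this list presumably lets rcctl write `library_aslr=NO`, that key in rc.conf.local is worth covering in configuration monitoring.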