On Oct 6, 2009, at 2:12 PM, Dave Keck wrote:

>> PS: It works for your main app only because you have not enabled ASLR for
>
> I can't seem to find much info on ASLR on OS X. Is it synonymous with 'position-independent code,' and 'enabling ASLR' == the -pie ld flag?

Yes, -pie; you can only use it with code compiled as PIC, for obvious reasons. The ld man page has better detail.

If you run your code as 64 bit, you will also automatically get NX data and stacks; you can request this for i386, but too much commercial 32 bit code breaks if it's on by default there, so you have to specify it as a segment flag for a stack segment you provide, or you have to vm_protect() yourself. Whether it's enabled is controllable by the kern.nx sysctl value (1 is enabled, which is the default). This is controlled by the VM_PROT_EXECUTE bit on pmap creation. This has basically been supported since 10.4.4.

There's a lot of safety stuff there that people tend not to use. 8-).

-- Terry
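An added example, not part of the thread: one way to check whether an executable was actually linked with -pie is to read the MH_PIE bit in its Mach-O header flags, alongside the bit that requests an executable stack. The constants are copied from `<mach-o/loader.h>`; the function name and the two sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants from <mach-o/loader.h>, repeated here so this builds off macOS. */
#define MH_MAGIC                 0xfeedfaceu
#define MH_MAGIC_64              0xfeedfacfu
#define MH_EXECUTE               0x2u
#define MH_ALLOW_STACK_EXECUTION 0x20000u
#define MH_PIE                   0x200000u

/* Read one 32-bit header field in the given byte order. */
static uint32_t rd32(const uint8_t *p, int big) {
    return big
        ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
        : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Hypothetical helper. Returns -1 if buf is not a thin Mach-O main executable,
   otherwise a bitmask: bit 0 = linked -pie, bit 1 = executable stack requested. */
int macho_hardening(const uint8_t *buf, size_t len) {
    int big;
    uint32_t le, be, flags;
    if (len < 28) return -1;                 /* 32-bit mach_header is 28 bytes */
    le = rd32(buf, 0);
    be = rd32(buf, 1);
    if (le == MH_MAGIC || le == MH_MAGIC_64) big = 0;
    else if (be == MH_MAGIC || be == MH_MAGIC_64) big = 1;
    else return -1;                          /* fat binary or not Mach-O */
    if (rd32(buf + 12, big) != MH_EXECUTE) return -1;   /* filetype field */
    flags = rd32(buf + 24, big);             /* flags field, same offset in 32/64 */
    return (flags & MH_PIE ? 1 : 0) | (flags & MH_ALLOW_STACK_EXECUTION ? 2 : 0);
}

/* Constructed sample: x86_64 executable header, flags 0x00200085 (PIE set). */
static const uint8_t sample_pie[32] = {
    0xcf,0xfa,0xed,0xfe, 0x07,0x00,0x00,0x01, 0x03,0x00,0x00,0x80, 0x02,0,0,0,
    0x10,0,0,0, 0x00,0x05,0,0, 0x85,0x00,0x20,0x00, 0,0,0,0 };
/* Constructed sample: i386 executable header, flags 0x00020085 (no PIE, exec stack). */
static const uint8_t sample_exec_stack[28] = {
    0xce,0xfa,0xed,0xfe, 0x07,0,0,0, 0x03,0,0,0, 0x02,0,0,0,
    0x0c,0,0,0, 0x00,0x04,0,0, 0x85,0x00,0x02,0x00 };

int main(void) {
    printf("x86_64 sample: %d\n", macho_hardening(sample_pie, sizeof sample_pie));
    printf("i386 sample:   %d\n",
           macho_hardening(sample_exec_stack, sizeof sample_exec_stack));
    return 0;
}
```

On a Mac, `otool -hv` on the binary prints the same header flags by name.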