=== Enable ASLR by default for 64-bit executables Contact: Dawid Gorecki + Contact: Marcin Wojtas Address Space Layout Randomization (ASLR) is an exploit mitigation technique implemented in the majority of modern operating systems. It involves randomly positioning the base address of an executable and the position of libraries, heap, and stack, in a process's address space. Although over the years ASLR proved to not guarantee full OS security on its own, this mechanism can make exploitation more difficult. The Semihalf team made an effort to switch on the address map randomization for PIE (Position Independent Executables) & non-PIE 64-bit binaries. Once the link:https://cgit.freebsd.org/src/commit/?id=b014e0f15bc73d80e[patch] was merged to HEAD, the ASLR feature became enabled for all 64-bit architectures. Additionally, the mentioned change disabled link:https://www.freebsd.org/cgi/man.cgi?query=sbrk&sektion=2[SBRK], in order to allow utilization of the bss grow region for mappings. It has no effect without ASLR, so it was applied to all architectures. TODO: * Improve stackgap feature implementation. * MFC to stable/13 branch. Sponsor: Stormshield