diff --git a/contrib/ntp/ntpd/ntpd.c b/contrib/ntp/ntpd/ntpd.c index bcfca27a535..284d1300ed9 100644 --- a/contrib/ntp/ntpd/ntpd.c +++ b/contrib/ntp/ntpd/ntpd.c @@ -138,6 +138,13 @@ # include #endif /* LIBSECCOMP and KERN_SECCOMP */ +#ifdef __FreeBSD_cc_version +#include +#include +#include +extern char **environ; +#endif + #ifdef HAVE_DNSREGISTRATION # include DNSServiceRef mdns; @@ -402,6 +409,49 @@ main( char *argv[] ) { +#ifdef __FreeBSD_cc_version +#ifdef _LP64 +#define ASLR_ENABLE "kern.elf64.aslr.enable" +#define ASLR_STACK_GAP "kern.elf64.aslr.stack_gap" +#else +#define ASLR_ENABLE "kern.elf32.aslr.enable" +#define ASLR_STACK_GAP "kern.elf32.aslr.stack_gap" +#endif + { + int aslr, stack_gap, aslr_var; + size_t aslr_len = sizeof(aslr); + size_t stack_gap_len = sizeof(stack_gap); + + pid_t my_pid = getpid(); + + if (sysctlbyname(ASLR_ENABLE, &aslr, &aslr_len, NULL, 0) != 0) { + msyslog(LOG_ERR,"sysctlbyname aslr failed"); + exit(255); + } + if (sysctlbyname(ASLR_STACK_GAP, &stack_gap, &stack_gap_len, NULL, 0) != 0) { + msyslog(LOG_ERR,"sysctlbyname stack gap failed"); + exit(254); + } + if (procctl(P_PID, my_pid, PROC_ASLR_STATUS, &aslr_var) != 0) { + msyslog(LOG_ERR,"procctl get aslr status failed"); + exit(253); + } + + if ((aslr != 0 && stack_gap != 0 && + !(aslr_var & PROC_ASLR_FORCE_DISABLE)) || + (aslr_var & PROC_ASLR_FORCE_ENABLE)) { + aslr_var = PROC_ASLR_FORCE_DISABLE; + if (procctl(P_PID, my_pid, PROC_ASLR_CTL, &aslr_var) != 0) { + msyslog(LOG_ERR,"procctl set aslr mode failed"); + exit(252); + } + if (execve(argv[0], argv, environ) != 0) { + msyslog(LOG_ERR,"ntpd reload failed"); + exit(251); + } + } + } +#endif return ntpdmain(argc, argv); } #endif /* !SYS_WINNT */