diff --git a/contrib/ntp/ntpd/ntpd.c b/contrib/ntp/ntpd/ntpd.c
index bcfca27a535..284d1300ed9 100644
--- a/contrib/ntp/ntpd/ntpd.c
+++ b/contrib/ntp/ntpd/ntpd.c
@@ -138,6 +138,13 @@
 # include <seccomp.h>
 #endif /* LIBSECCOMP and KERN_SECCOMP */
 
+#ifdef __FreeBSD_cc_version
+#include <sys/types.h>
+#include <sys/sysctl.h>
+#include <sys/procctl.h>
+extern char **environ;
+#endif
+
 #ifdef HAVE_DNSREGISTRATION
 # include <dns_sd.h>
 DNSServiceRef mdns;
@@ -402,6 +409,49 @@ main(
 	char *argv[]
 	)
 {
+#ifdef __FreeBSD_cc_version
+#ifdef _LP64
+#define ASLR_ENABLE	"kern.elf64.aslr.enable"
+#define ASLR_STACK_GAP	"kern.elf64.aslr.stack_gap"
+#else
+#define ASLR_ENABLE	"kern.elf32.aslr.enable"
+#define ASLR_STACK_GAP	"kern.elf32.aslr.stack_gap"
+#endif
+	{
+		int	aslr, stack_gap, aslr_var;
+		size_t	aslr_len = sizeof(aslr);
+		size_t	stack_gap_len = sizeof(stack_gap);
+
+		pid_t	my_pid = getpid();
+
+		if (sysctlbyname(ASLR_ENABLE, &aslr, &aslr_len, NULL, 0) != 0) {
+			msyslog(LOG_ERR,"sysctlbyname aslr failed");
+			exit(255);
+		}
+		if (sysctlbyname(ASLR_STACK_GAP, &stack_gap, &stack_gap_len, NULL, 0) != 0) {
+			msyslog(LOG_ERR,"sysctlbyname stack gap failed");
+			exit(254);
+		}
+		if (procctl(P_PID, my_pid, PROC_ASLR_STATUS, &aslr_var) != 0) {
+			msyslog(LOG_ERR,"procctl get aslr status failed");
+			exit(253);
+		}
+
+		if ((aslr != 0 && stack_gap != 0 &&
+			!(aslr_var & PROC_ASLR_FORCE_DISABLE)) ||
+			(aslr_var & PROC_ASLR_FORCE_ENABLE)) {
+			aslr_var = PROC_ASLR_FORCE_DISABLE;
+			if (procctl(P_PID, my_pid, PROC_ASLR_CTL, &aslr_var) != 0) {
+				msyslog(LOG_ERR,"procctl set aslr mode failed");
+				exit(252);
+			}
+			if (execve(argv[0], argv, environ) != 0) {
+				msyslog(LOG_ERR,"ntpd reload failed");
+				exit(251);
+			}
+		}
+	}
+#endif
 	return ntpdmain(argc, argv);
 }
 #endif /* !SYS_WINNT */