Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


 923  * exempt library from the check. It is valid to have multiple invocations of
 924  * the second form. We silently ignore mulitple occurrences of the first form
 925  * and multiple invocations of the first form when the second form also occurs.
 926  *
 927  * We only return false when we have an internal error, such as the failure of
 928  * aplist_append. Every other time we return true, but we have the appropriate
 929  * fatal flags set beacuse of the ld_eprintf.
 930  */
 931 static int
 932 assdeflib_parse(Ofl_desc *ofl, char *optarg)
 933 {
 934         size_t olen, mlen;
 935         ofl->ofl_flags |= FLG_OF_ADEFLIB;
 936 
 937         olen = strlen(optarg);
 938         /* Minimum size of assert-deflib=lib%s.so */
 939         mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE +
 940             MSG_STR_SOEXT_SIZE;
 941         if (olen > MSG_ARG_ASSDEFLIB_SIZE) {
 942                 if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') {
 943                         ld_eprintf(ofl, ERR_FATAL, "Missing =\n");
 944                         ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL),
 945                             MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg);
 946                         return (TRUE);
 947                 }
 948 
 949                 if (strncmp(optarg + MSG_ARG_ASSDEFLIB_SIZE + 1,
 950                     MSG_ORIG(MSG_STR_LIB), MSG_STR_LIB_SIZE) != 0 ||
 951                     strcmp(optarg + olen - MSG_STR_SOEXT_SIZE,
 952                     MSG_ORIG(MSG_STR_SOEXT)) != 0 || olen <= mlen) {
 953                         ld_eprintf(ofl, ERR_FATAL,
 954                             MSG_INTL(MSG_ARG_ASSDEFLIB_MALFORMED), optarg);
 955                         return (TRUE);
 956                 }
 957 
 958                 if (aplist_append(&ofl->ofl_assdeflib, optarg +
 959                     MSG_ARG_ASSDEFLIB_SIZE + 1, AL_CNT_ASSDEFLIB) == NULL)
 960                         return (FALSE);
 961         }
 962 
 963         return (TRUE);


1420                                         ofl->ofl_ars_gsandx = 0;
1421                                 } else if (ofl->ofl_ars_gsandx == 0) {
1422                                         /* There was no matching begin */
1423                                         ld_eprintf(ofl, ERR_FATAL,
1424                                             MSG_INTL(MSG_ARG_AR_GRP_BAD),
1425                                             MSG_INTL(MSG_MARG_AR_GRP_END),
1426                                             MSG_INTL(MSG_MARG_AR_GRP_START));
1427                                         /* Don't report cascading errors */
1428                                         ofl->ofl_ars_gsandx = -1;
1429                                 }
1430 
1431                         /*
1432                          * If -z wrap is seen, enter the symbol to be wrapped
1433                          * into the wrap AVL tree.
1434                          */
1435                         } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP),
1436                             MSG_ARG_WRAP_SIZE) == 0) {
1437                                 if (ld_wrap_enter(ofl,
1438                                     optarg + MSG_ARG_WRAP_SIZE) == NULL)
1439                                         return (S_ERROR);


























1440                         } else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE),
1441                             MSG_ARG_GUIDE_SIZE) == 0) &&
1442                             ((optarg[MSG_ARG_GUIDE_SIZE] == '=') ||
1443                             (optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) {
1444                                 if (!guidance_parse(ofl, optarg))
1445                                         return (S_ERROR);
1446                         } else if (strcmp(optarg,
1447                             MSG_ORIG(MSG_ARG_FATWARN)) == 0) {
1448                                 if (zfwflag  == SET_FALSE) {
1449                                         ld_eprintf(ofl, ERR_WARNING_NF,
1450                                             MSG_INTL(MSG_ARG_MTONCE),
1451                                             MSG_ORIG(MSG_ARG_ZFATWNOFATW));
1452                                 } else {
1453                                         zfwflag = SET_TRUE;
1454                                         ofl->ofl_flags |= FLG_OF_FATWARN;
1455                                 }
1456                         } else if (strcmp(optarg,
1457                             MSG_ORIG(MSG_ARG_NOFATWARN)) == 0) {
1458                                 if (zfwflag  == SET_TRUE)
1459                                         ld_eprintf(ofl, ERR_WARNING_NF,




 923  * exempt library from the check. It is valid to have multiple invocations of
 924  * the second form. We silently ignore mulitple occurrences of the first form
 925  * and multiple invocations of the first form when the second form also occurs.
 926  *
 927  * We only return false when we have an internal error, such as the failure of
 928  * aplist_append. Every other time we return true, but we have the appropriate
 929  * fatal flags set beacuse of the ld_eprintf.
 930  */
 931 static int
 932 assdeflib_parse(Ofl_desc *ofl, char *optarg)
 933 {
 934         size_t olen, mlen;
 935         ofl->ofl_flags |= FLG_OF_ADEFLIB;
 936 
 937         olen = strlen(optarg);
 938         /* Minimum size of assert-deflib=lib%s.so */
 939         mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE +
 940             MSG_STR_SOEXT_SIZE;
 941         if (olen > MSG_ARG_ASSDEFLIB_SIZE) {
 942                 if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') {

 943                         ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL),
 944                             MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg);
 945                         return (TRUE);
 946                 }
 947 
 948                 if (strncmp(optarg + MSG_ARG_ASSDEFLIB_SIZE + 1,
 949                     MSG_ORIG(MSG_STR_LIB), MSG_STR_LIB_SIZE) != 0 ||
 950                     strcmp(optarg + olen - MSG_STR_SOEXT_SIZE,
 951                     MSG_ORIG(MSG_STR_SOEXT)) != 0 || olen <= mlen) {
 952                         ld_eprintf(ofl, ERR_FATAL,
 953                             MSG_INTL(MSG_ARG_ASSDEFLIB_MALFORMED), optarg);
 954                         return (TRUE);
 955                 }
 956 
 957                 if (aplist_append(&ofl->ofl_assdeflib, optarg +
 958                     MSG_ARG_ASSDEFLIB_SIZE + 1, AL_CNT_ASSDEFLIB) == NULL)
 959                         return (FALSE);
 960         }
 961 
 962         return (TRUE);


1419                                         ofl->ofl_ars_gsandx = 0;
1420                                 } else if (ofl->ofl_ars_gsandx == 0) {
1421                                         /* There was no matching begin */
1422                                         ld_eprintf(ofl, ERR_FATAL,
1423                                             MSG_INTL(MSG_ARG_AR_GRP_BAD),
1424                                             MSG_INTL(MSG_MARG_AR_GRP_END),
1425                                             MSG_INTL(MSG_MARG_AR_GRP_START));
1426                                         /* Don't report cascading errors */
1427                                         ofl->ofl_ars_gsandx = -1;
1428                                 }
1429 
1430                         /*
1431                          * If -z wrap is seen, enter the symbol to be wrapped
1432                          * into the wrap AVL tree.
1433                          */
1434                         } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP),
1435                             MSG_ARG_WRAP_SIZE) == 0) {
1436                                 if (ld_wrap_enter(ofl,
1437                                     optarg + MSG_ARG_WRAP_SIZE) == NULL)
1438                                         return (S_ERROR);
1439                         } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_ASLR),
1440                             MSG_ARG_ASLR_SIZE) == 0) {
1441                                 char *p = optarg + MSG_ARG_ASLR_SIZE;
1442                                 if (*p == '\0') {
1443                                         ofl->ofl_aslr = 1;
1444                                 } else if (*p == '=') {
1445                                         p++;
1446 
1447                                         if (strcmp(p,
1448                                             MSG_ORIG(MSG_ARG_ENABLED)) == 0) {
1449                                                 ofl->ofl_aslr = 1;
1450                                         } else if (strcmp(p,
1451                                             MSG_ORIG(MSG_ARG_DISABLED)) == 0) {
1452                                                 ofl->ofl_aslr = -1;
1453                                         } else {
1454                                                 ld_eprintf(ofl, ERR_FATAL,
1455                                                     MSG_INTL(MSG_ARG_ILLEGAL),
1456                                                     MSG_ORIG(MSG_ARG_ZASLR), p);
1457                                                 return (S_ERROR);
1458                                         }
1459                                 } else {
1460                                         ld_eprintf(ofl, ERR_FATAL,
1461                                             MSG_INTL(MSG_ARG_ILLEGAL),
1462                                             MSG_ORIG(MSG_ARG_Z), optarg);
1463                                         return (S_ERROR);
1464                                 }
1465                         } else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE),
1466                             MSG_ARG_GUIDE_SIZE) == 0) &&
1467                             ((optarg[MSG_ARG_GUIDE_SIZE] == '=') ||
1468                             (optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) {
1469                                 if (!guidance_parse(ofl, optarg))
1470                                         return (S_ERROR);
1471                         } else if (strcmp(optarg,
1472                             MSG_ORIG(MSG_ARG_FATWARN)) == 0) {
1473                                 if (zfwflag  == SET_FALSE) {
1474                                         ld_eprintf(ofl, ERR_WARNING_NF,
1475                                             MSG_INTL(MSG_ARG_MTONCE),
1476                                             MSG_ORIG(MSG_ARG_ZFATWNOFATW));
1477                                 } else {
1478                                         zfwflag = SET_TRUE;
1479                                         ofl->ofl_flags |= FLG_OF_FATWARN;
1480                                 }
1481                         } else if (strcmp(optarg,
1482                             MSG_ORIG(MSG_ARG_NOFATWARN)) == 0) {
1483                                 if (zfwflag  == SET_TRUE)
1484                                         ld_eprintf(ofl, ERR_WARNING_NF,