Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/sgs/libld/common/args.c
          +++ new/usr/src/cmd/sgs/libld/common/args.c
↓ open down ↓ 932 lines elided ↑ open up ↑
 933  933  {
 934  934          size_t olen, mlen;
 935  935          ofl->ofl_flags |= FLG_OF_ADEFLIB;
 936  936  
 937  937          olen = strlen(optarg);
 938  938          /* Minimum size of assert-deflib=lib%s.so */
 939  939          mlen = MSG_ARG_ASSDEFLIB_SIZE + 1 + MSG_STR_LIB_SIZE +
 940  940              MSG_STR_SOEXT_SIZE;
 941  941          if (olen > MSG_ARG_ASSDEFLIB_SIZE) {
 942  942                  if (optarg[MSG_ARG_ASSDEFLIB_SIZE] != '=') {
 943      -                        ld_eprintf(ofl, ERR_FATAL, "Missing =\n");
 944  943                          ld_eprintf(ofl, ERR_FATAL, MSG_INTL(MSG_ARG_ILLEGAL),
 945  944                              MSG_ORIG(MSG_ARG_ASSDEFLIB), optarg);
 946  945                          return (TRUE);
 947  946                  }
 948  947  
 949  948                  if (strncmp(optarg + MSG_ARG_ASSDEFLIB_SIZE + 1,
 950  949                      MSG_ORIG(MSG_STR_LIB), MSG_STR_LIB_SIZE) != 0 ||
 951  950                      strcmp(optarg + olen - MSG_STR_SOEXT_SIZE,
 952  951                      MSG_ORIG(MSG_STR_SOEXT)) != 0 || olen <= mlen) {
 953  952                          ld_eprintf(ofl, ERR_FATAL,
↓ open down ↓ 476 lines elided ↑ open up ↑
1430 1429  
1431 1430                          /*
1432 1431                           * If -z wrap is seen, enter the symbol to be wrapped
1433 1432                           * into the wrap AVL tree.
1434 1433                           */
1435 1434                          } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_WRAP),
1436 1435                              MSG_ARG_WRAP_SIZE) == 0) {
1437 1436                                  if (ld_wrap_enter(ofl,
1438 1437                                      optarg + MSG_ARG_WRAP_SIZE) == NULL)
1439 1438                                          return (S_ERROR);
     1439 +                        } else if (strncmp(optarg, MSG_ORIG(MSG_ARG_ASLR),
     1440 +                            MSG_ARG_ASLR_SIZE) == 0) {
     1441 +                                char *p = optarg + MSG_ARG_ASLR_SIZE;
     1442 +                                if (*p == '\0') {
     1443 +                                        ofl->ofl_aslr = 1;
     1444 +                                } else if (*p == '=') {
     1445 +                                        p++;
     1446 +
     1447 +                                        if (strcmp(p,
     1448 +                                            MSG_ORIG(MSG_ARG_ENABLED)) == 0) {
     1449 +                                                ofl->ofl_aslr = 1;
     1450 +                                        } else if (strcmp(p,
     1451 +                                            MSG_ORIG(MSG_ARG_DISABLED)) == 0) {
     1452 +                                                ofl->ofl_aslr = -1;
     1453 +                                        } else {
     1454 +                                                ld_eprintf(ofl, ERR_FATAL,
     1455 +                                                    MSG_INTL(MSG_ARG_ILLEGAL),
     1456 +                                                    MSG_ORIG(MSG_ARG_ZASLR), p);
     1457 +                                                return (S_ERROR);
     1458 +                                        }
     1459 +                                } else {
     1460 +                                        ld_eprintf(ofl, ERR_FATAL,
     1461 +                                            MSG_INTL(MSG_ARG_ILLEGAL),
     1462 +                                            MSG_ORIG(MSG_ARG_Z), optarg);
     1463 +                                        return (S_ERROR);
     1464 +                                }
1440 1465                          } else if ((strncmp(optarg, MSG_ORIG(MSG_ARG_GUIDE),
1441 1466                              MSG_ARG_GUIDE_SIZE) == 0) &&
1442 1467                              ((optarg[MSG_ARG_GUIDE_SIZE] == '=') ||
1443 1468                              (optarg[MSG_ARG_GUIDE_SIZE] == '\0'))) {
1444 1469                                  if (!guidance_parse(ofl, optarg))
1445 1470                                          return (S_ERROR);
1446 1471                          } else if (strcmp(optarg,
1447 1472                              MSG_ORIG(MSG_ARG_FATWARN)) == 0) {
1448 1473                                  if (zfwflag  == SET_FALSE) {
1449 1474                                          ld_eprintf(ofl, ERR_WARNING_NF,
↓ open down ↓ 696 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX