Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


  50 #include <sys/modctl.h>
  51 #include <sys/acl.h>
  52 #include <stropts.h>
  53 #include <sys/isa_defs.h>
  54 #include <sys/systeminfo.h>
  55 #include <sys/cladm.h>
  56 #include <sys/lwp.h>
  57 #include <bsm/audit.h>
  58 #include <libproc.h>
  59 #include <priv.h>
  60 #include <sys/aio.h>
  61 #include <sys/aiocb.h>
  62 #include <sys/corectl.h>
  63 #include <sys/cpc_impl.h>
  64 #include <sys/priocntl.h>
  65 #include <sys/tspriocntl.h>
  66 #include <sys/iapriocntl.h>
  67 #include <sys/rtpriocntl.h>
  68 #include <sys/fsspriocntl.h>
  69 #include <sys/fxpriocntl.h>

  70 #include <netdb.h>
  71 #include <nss_dbdefs.h>
  72 #include <sys/socketvar.h>
  73 #include <netinet/in.h>
  74 #include <netinet/tcp.h>
  75 #include <netinet/udp.h>
  76 #include <netinet/sctp.h>
  77 #include <net/route.h>
  78 #include <sys/utrap.h>
  79 #include <sys/lgrp_user.h>
  80 #include <sys/door.h>
  81 #include <sys/tsol/tndb.h>
  82 #include <sys/rctl.h>
  83 #include <sys/rctl_impl.h>
  84 #include <sys/fork.h>
  85 #include <sys/task.h>
  86 #include <sys/random.h>
  87 #include "ramdata.h"
  88 #include "print.h"
  89 #include "proto.h"


1583 
1584         if (Pread(Proc, &prms, sizeof (prms), val) != sizeof (prms)) {
1585                 prt_hex(pri, 0, val);
1586                 return;
1587         }
1588 
1589         if ((cnt = prms.pc_vaparmscnt) > PC_VAPARMCNT)
1590                 return;
1591 
1592         for (; cnt--; vpp++) {
1593                 print_pck(pri, 0, vpp->pc_key);
1594                 outstring(pri, ", ");
1595                 prt_hex(pri, 0, (long)vpp->pc_parm);
1596                 outstring(pri, ", ");
1597         }
1598 
1599         prt_dec(pri, 0, PC_KY_NULL);
1600 }
1601 
1602 /*


















































1603  * Print processor set id, including logical expansion of "special" ids.
1604  */
1605 void
1606 prt_pst(private_t *pri, int raw, long val)
1607 {
1608         const char *s = NULL;
1609 
1610         if (!raw) {
1611                 switch ((psetid_t)val) {
1612                 case PS_NONE:           s = "PS_NONE";          break;
1613                 case PS_QUERY:          s = "PS_QUERY";         break;
1614                 case PS_MYID:           s = "PS_MYID";          break;
1615                 }
1616         }
1617 
1618         if (s == NULL)
1619                 prt_dec(pri, 0, val);
1620         else
1621                 outstring(pri, s);
1622 }


2853         prt_key,        /* KEY -- print key_t 0 as IPC_PRIVATE */
2854         prt_zga,        /* ZGA -- print zone_getattr attribute types */
2855         prt_atc,        /* ATC -- print AT_FDCWD or file descriptor */
2856         prt_lio,        /* LIO -- print LIO_XX flags */
2857         prt_dfl,        /* DFL -- print door_create() flags */
2858         prt_dpm,        /* DPM -- print DOOR_PARAM_XX flags */
2859         prt_tnd,        /* TND -- print trusted network data base opcode */
2860         prt_rsc,        /* RSC -- print rctlsys() subcodes */
2861         prt_rgf,        /* RGF -- print getrctl() flags */
2862         prt_rsf,        /* RSF -- print setrctl() flags */
2863         prt_rcf,        /* RCF -- print rctlsys_ctl() flags */
2864         prt_fxf,        /* FXF -- print forkx() flags */
2865         prt_spf,        /* SPF -- print rctlsys_projset() flags */
2866         prt_un1,        /* UN1 -- as prt_uns except for -1 */
2867         prt_mob,        /* MOB -- print mmapobj() flags */
2868         prt_snf,        /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
2869         prt_skc,        /* SKC -- print sockconfig() subcode */
2870         prt_acf,        /* ACF -- print accept4 flags */
2871         prt_pfd,        /* PFD -- print pipe fds */
2872         prt_grf,        /* GRF -- print getrandom flags */


2873         prt_dec,        /* HID -- hidden argument, make this the last one */
2874 };


  50 #include <sys/modctl.h>
  51 #include <sys/acl.h>
  52 #include <stropts.h>
  53 #include <sys/isa_defs.h>
  54 #include <sys/systeminfo.h>
  55 #include <sys/cladm.h>
  56 #include <sys/lwp.h>
  57 #include <bsm/audit.h>
  58 #include <libproc.h>
  59 #include <priv.h>
  60 #include <sys/aio.h>
  61 #include <sys/aiocb.h>
  62 #include <sys/corectl.h>
  63 #include <sys/cpc_impl.h>
  64 #include <sys/priocntl.h>
  65 #include <sys/tspriocntl.h>
  66 #include <sys/iapriocntl.h>
  67 #include <sys/rtpriocntl.h>
  68 #include <sys/fsspriocntl.h>
  69 #include <sys/fxpriocntl.h>
  70 #include <sys/proc.h>
  71 #include <netdb.h>
  72 #include <nss_dbdefs.h>
  73 #include <sys/socketvar.h>
  74 #include <netinet/in.h>
  75 #include <netinet/tcp.h>
  76 #include <netinet/udp.h>
  77 #include <netinet/sctp.h>
  78 #include <net/route.h>
  79 #include <sys/utrap.h>
  80 #include <sys/lgrp_user.h>
  81 #include <sys/door.h>
  82 #include <sys/tsol/tndb.h>
  83 #include <sys/rctl.h>
  84 #include <sys/rctl_impl.h>
  85 #include <sys/fork.h>
  86 #include <sys/task.h>
  87 #include <sys/random.h>
  88 #include "ramdata.h"
  89 #include "print.h"
  90 #include "proto.h"


1584 
1585         if (Pread(Proc, &prms, sizeof (prms), val) != sizeof (prms)) {
1586                 prt_hex(pri, 0, val);
1587                 return;
1588         }
1589 
1590         if ((cnt = prms.pc_vaparmscnt) > PC_VAPARMCNT)
1591                 return;
1592 
1593         for (; cnt--; vpp++) {
1594                 print_pck(pri, 0, vpp->pc_key);
1595                 outstring(pri, ", ");
1596                 prt_hex(pri, 0, (long)vpp->pc_parm);
1597                 outstring(pri, ", ");
1598         }
1599 
1600         prt_dec(pri, 0, PC_KY_NULL);
1601 }
1602 
1603 /*
1604  * Print a psecflags(2) command
1605  */
1606 void
1607 prt_psfcmd(private_t *pri, int raw, long val)
1608 {
1609         const char *s = NULL;
1610 
1611         if (raw == 0) {
1612                 switch ((psecflags_cmd_t)val) {
1613                 case PSECFLAGS_SET:
1614                         s = "PSECFLAGS_SET";
1615                         break;
1616                 case PSECFLAGS_DISABLE:
1617                         s = "PSECFLAGS_DISABLE";
1618                         break;
1619                 case PSECFLAGS_ENABLE:
1620                         s = "PSECFLAGS_ENABLE";
1621                         break;
1622                 }
1623         }
1624 
1625         if (s == NULL)
1626                 prt_dec(pri, 0, val);
1627         else
1628                 outstring(pri, s);
1629 }
1630 
1631 void
1632 prt_psflags(private_t *pri, int raw, long val)
1633 {
1634         char *str = pri->code_buf;
1635 
1636         if (raw == 1) {
1637                 prt_hex(pri, 0, val);
1638                 return;
1639         }
1640 
1641         *str = '\0';
1642         if (val & PROC_SEC_ASLR) {
1643                 (void) strlcat(str, "|PROC_SEC_ASLR", sizeof (pri->code_buf));
1644                 val &= ~PROC_SEC_ASLR;
1645         }
1646 
1647         if (val != 0)
1648                 (void) snprintf(str, sizeof (pri->code_buf), "%s|%x", str, val);
1649 
1650         outstring(pri, str + 1);
1651 }
1652 
1653 /*
1654  * Print processor set id, including logical expansion of "special" ids.
1655  */
1656 void
1657 prt_pst(private_t *pri, int raw, long val)
1658 {
1659         const char *s = NULL;
1660 
1661         if (!raw) {
1662                 switch ((psetid_t)val) {
1663                 case PS_NONE:           s = "PS_NONE";          break;
1664                 case PS_QUERY:          s = "PS_QUERY";         break;
1665                 case PS_MYID:           s = "PS_MYID";          break;
1666                 }
1667         }
1668 
1669         if (s == NULL)
1670                 prt_dec(pri, 0, val);
1671         else
1672                 outstring(pri, s);
1673 }


2904         prt_key,        /* KEY -- print key_t 0 as IPC_PRIVATE */
2905         prt_zga,        /* ZGA -- print zone_getattr attribute types */
2906         prt_atc,        /* ATC -- print AT_FDCWD or file descriptor */
2907         prt_lio,        /* LIO -- print LIO_XX flags */
2908         prt_dfl,        /* DFL -- print door_create() flags */
2909         prt_dpm,        /* DPM -- print DOOR_PARAM_XX flags */
2910         prt_tnd,        /* TND -- print trusted network data base opcode */
2911         prt_rsc,        /* RSC -- print rctlsys() subcodes */
2912         prt_rgf,        /* RGF -- print getrctl() flags */
2913         prt_rsf,        /* RSF -- print setrctl() flags */
2914         prt_rcf,        /* RCF -- print rctlsys_ctl() flags */
2915         prt_fxf,        /* FXF -- print forkx() flags */
2916         prt_spf,        /* SPF -- print rctlsys_projset() flags */
2917         prt_un1,        /* UN1 -- as prt_uns except for -1 */
2918         prt_mob,        /* MOB -- print mmapobj() flags */
2919         prt_snf,        /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
2920         prt_skc,        /* SKC -- print sockconfig() subcode */
2921         prt_acf,        /* ACF -- print accept4 flags */
2922         prt_pfd,        /* PFD -- print pipe fds */
2923         prt_grf,        /* GRF -- print getrandom flags */
2924         prt_psfcmd,     /* PSFCMD -- print psecflags(2) command */
2925         prt_psflags,    /* PSFLG -- print psecflags(2) flags */
2926         prt_dec,        /* HID -- hidden argument, make this the last one */
2927 };