uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool, psecflags(1), to control and observe it.

*** 134,143 ****
--- 134,144 ----
  static void aus_ioctl(struct t_audit_data *);
  static void aus_memcntl(struct t_audit_data *);
  static void aus_mmap(struct t_audit_data *);
  static void aus_munmap(struct t_audit_data *);
  static void aus_priocntlsys(struct t_audit_data *);
+ static void aus_psecflags(struct t_audit_data *);
  static void aus_setegid(struct t_audit_data *);
  static void aus_setgroups(struct t_audit_data *);
  static void aus_seteuid(struct t_audit_data *);
  static void aus_putmsg(struct t_audit_data *);
  static void aus_putpmsg(struct t_audit_data *);
*** 202,212 ****
  */
  aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
  auf_null, 0,
  aui_null, AUE_EXIT, aus_exit, /* 1 exit */
  auf_null, S2E_NPT,
! aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
  auf_null, 0,
  aui_null, AUE_READ, aus_null, /* 3 read */
  auf_read, S2E_PUB,
  aui_null, AUE_WRITE, aus_null, /* 4 write */
  auf_write, 0,
--- 203,213 ----
  */
  aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
  auf_null, 0,
  aui_null, AUE_EXIT, aus_exit, /* 1 exit */
  auf_null, S2E_NPT,
! aui_null, AUE_PSECFLAGS, aus_psecflags, /* 2 psecflags */
  auf_null, 0,
  aui_null, AUE_READ, aus_null, /* 3 read */
  auf_read, S2E_PUB,
  aui_null, AUE_WRITE, aus_null, /* 4 write */
  auf_write, 0,
*** 741,750 **** --- 742,765 ---- rval = (uint32_t)uap->rval; au_uwrite(au_to_arg32(1, "exit status", rval)); } + /*ARGSUSED*/ + static void + aus_psecflags(struct t_audit_data *tad) + { + struct a { + uintptr_t psp; /* procset_t */ + uint_t cmd; /* psecflags_cmd_t */ + uint_t arg; + } *uap = (struct a *)ttolwp(curthread)->lwp_ap; + + au_uwrite(au_to_arg32(2, "cmd", (uint_t)uap->cmd)); + au_uwrite(au_to_arg32(3, "arg", (uint_t)uap->arg)); + } + /* acct start function */ /*ARGSUSED*/ static void aus_acct(struct t_audit_data *tad) {
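Review bot: The argument overlay `struct a` in aus_psecflags declares `cmd` and `arg` as `uint_t`, which packs them into adjacent 32-bit fields after `psp`; if `lwp_ap` holds one `long`-sized slot per system-call argument, as the narrowing cast `rval = (uint32_t)uap->rval` in the context lines above suggests, then on a 64-bit kernel `uap->arg` would be read from the second half of the `cmd` slot and the audit record would carry the wrong value. Declaring the members as `long psp;`, `long cmd;`, `long arg;` and narrowing at the call, e.g. `au_to_arg32(3, "arg", (uint32_t)uap->arg)`, would keep the layout in step with the argument array; the definition of `lwp_ap` is outside this hunk, so this should be confirmed there. Separately, `psp` is never written to the record, so the audit trail shows which command and flag were used but not which processes were targeted; it may be worth adding a token for the procset or a comment such as `/* procset is not audited: <reason> */`.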