uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool, psecflags(1), to control and observe it.

@@ -134,10 +134,11 @@
 static void     aus_ioctl(struct t_audit_data *);
 static void     aus_memcntl(struct t_audit_data *);
 static void     aus_mmap(struct t_audit_data *);
 static void     aus_munmap(struct t_audit_data *);
 static void     aus_priocntlsys(struct t_audit_data *);
+static void     aus_psecflags(struct t_audit_data *);
 static void     aus_setegid(struct t_audit_data *);
 static void     aus_setgroups(struct t_audit_data *);
 static void     aus_seteuid(struct t_audit_data *);
 static void     aus_putmsg(struct t_audit_data *);
 static void     aus_putpmsg(struct t_audit_data *);

@@ -202,11 +203,11 @@
  */
 aui_null,       AUE_NULL,       aus_null,       /* 0 unused (indirect) */
                 auf_null,       0,
 aui_null,       AUE_EXIT,       aus_exit,       /* 1 exit */
                 auf_null,       S2E_NPT,
-aui_null,       AUE_NULL,       aus_null,       /* 2 (loadable) was forkall */
+aui_null,       AUE_PSECFLAGS,  aus_psecflags,  /* 2 psecflags */
                 auf_null,       0,
 aui_null,       AUE_READ,       aus_null,       /* 3 read */
                 auf_read,       S2E_PUB,
 aui_null,       AUE_WRITE,      aus_null,       /* 4 write */
                 auf_write,      0,

@@ -741,10 +742,24 @@
 
         rval = (uint32_t)uap->rval;
         au_uwrite(au_to_arg32(1, "exit status", rval));
 }
 
+/*ARGSUSED*/
+static void
+aus_psecflags(struct t_audit_data *tad)
+{
+        struct a {
+                uintptr_t psp;  /* procset_t */
+                uint_t cmd;     /* psecflags_cmd_t */
+                uint_t arg;
+        } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
+
+        au_uwrite(au_to_arg32(2, "cmd", (uint_t)uap->cmd));
+        au_uwrite(au_to_arg32(3, "arg", (uint_t)uap->arg));
+}
+
 /* acct start function */
 /*ARGSUSED*/
 static void
 aus_acct(struct t_audit_data *tad)
 {
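Review bot: In aus_psecflags, `struct a` declares `cmd` and `arg` as `uint_t` after a `uintptr_t psp`, which will not line up with the saved argument area if `lwp_ap` holds one long-sized slot per argument (its declaration is outside this hunk, so this needs confirming). On an LP64 kernel `arg` would then sit at offset 12 and be read from the upper half of the second slot, so the audit record would carry the wrong value for the flag argument. Declaring the members as `long psp; long cmd; long arg;` and narrowing only at the `au_to_arg32` calls would avoid that. Separately, `psp` is never written to the record, so the audit trail shows which security-flag change was requested but not which processes it targeted; for a call that can alter another process's address space randomisation settings, the target belongs in the record too.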