uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.

@@ -157,5 +157,32 @@
                         (pctx->free_op)(pctx->arg, isexec);
                 kmem_free(pctx, sizeof (struct pctxop));
         }
         kpreempt_enable();
 }
+
+boolean_t
+secflag_enabled(proc_t *p, uint_t flag)
+{
+        return ((p->p_secflags.psf_effective & flag) != 0);
+}
+
+void
+secflag_set(proc_t *p, uint_t flag)
+{
+        p->p_secflags.psf_inherit = flag;
+}
+
+void
+secflag_enable(proc_t *p, uint_t flag) {
+        p->p_secflags.psf_inherit |= flag;
+}
+
+void
+secflag_disable(proc_t *p, uint_t flag) {
+        p->p_secflags.psf_inherit &= ~flag;
+}
+
+void
+secflag_promote(proc_t *p) {
+        p->p_secflags.psf_effective = p->p_secflags.psf_inherit;
+}