Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/sysent.c
          +++ new/usr/src/uts/common/os/sysent.c
↓ open down ↓ 104 lines elided ↑ open up ↑
 105  105  int     mount(long *, rval_t *);
 106  106  int     nice(int);
 107  107  int     nullsys();
 108  108  int     open(char *, int, int);
 109  109  int     openat(int, char *, int, int);
 110  110  int     pause();
 111  111  long    pcsample(void *, long);
 112  112  int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113  113  int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114  114  ssize_t pread(int, void *, size_t, off_t);
      115 +int     psecflags();
 115  116  ssize_t pwrite(int, void *, size_t, off_t);
 116  117  ssize_t read(int, void *, size_t);
 117  118  int     rename(char *, char *);
 118  119  int     renameat(int, char *, int, char *);
 119  120  void    rexit(int);
 120  121  int     semsys();
 121  122  int     setgid(gid_t);
 122  123  int     setpgrp(int, int, int);
 123  124  int     setuid(uid_t);
 124  125  uintptr_t       shmsys();
↓ open down ↓ 307 lines elided ↑ open up ↑
 432  433  
 433  434  /*
 434  435   * Native sysent table.
 435  436   */
 436  437  struct sysent sysent[NSYSCALL] =
 437  438  {
 438  439          /*  0 */ IF_LP64(
 439  440                          SYSENT_NOSYS(),
 440  441                          SYSENT_C("indir",       indir,          1)),
 441  442          /*  1 */ SYSENT_CI("exit",              rexit,          1),
 442      -        /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
      443 +        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 443  444          /*  3 */ SYSENT_CL("read",              read,           3),
 444  445          /*  4 */ SYSENT_CL("write",             write,          3),
 445  446          /*  5 */ SYSENT_CI("open",              open,           3),
 446  447          /*  6 */ SYSENT_CI("close",             close,          1),
 447  448          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 448  449          /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 449  450          /*  9 */ SYSENT_CI("link",              link,           2),
 450  451          /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 451  452          /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 452  453          /* 12 */ SYSENT_CI("chdir",             chdir,          1),
↓ open down ↓ 360 lines elided ↑ open up ↑
 813  814  extern int ucredsys32(int, int, caddr32_t);
 814  815  
 815  816  /*
 816  817   * sysent table for ILP32 processes running on
 817  818   * a LP64 kernel.
 818  819   */
 819  820  struct sysent sysent32[NSYSCALL] =
 820  821  {
 821  822          /*  0 */ SYSENT_C("indir",              indir,          1),
 822  823          /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 823      -        /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
      824 +        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 824  825          /*  3 */ SYSENT_CI("read",              read32,         3),
 825  826          /*  4 */ SYSENT_CI("write",             write32,        3),
 826  827          /*  5 */ SYSENT_CI("open",              open32,         3),
 827  828          /*  6 */ SYSENT_CI("close",             close,          1),
 828  829          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 829  830          /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 830  831          /*  9 */ SYSENT_CI("link",              link,           2),
 831  832          /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 832  833          /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 833  834          /* 12 */ SYSENT_CI("chdir",             chdir,          1),
↓ open down ↓ 373 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX