uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.

*** 80,103 **** #define MAP_PRIVATE 2 /* changes are private */ #define MAP_TYPE 0xf /* mask for share type */ /* other flags to mmap (or-ed in to MAP_SHARED or MAP_PRIVATE) */ #define MAP_FIXED 0x10 /* user assigns address */ #define MAP_NORESERVE 0x40 /* don't reserve needed swap area */ #define MAP_ANON 0x100 /* map anonymous pages directly */ #define MAP_ANONYMOUS MAP_ANON /* (source compatibility) */ #define MAP_ALIGN 0x200 /* addr specifies alignment */ #define MAP_TEXT 0x400 /* map code segment */ #define MAP_INITDATA 0x800 /* map data segment */ #ifdef _KERNEL #define _MAP_TEXTREPL 0x1000 #endif /* _KERNEL */ - /* these flags not yet implemented */ - #define MAP_RENAME 0x20 /* rename private pages to file */ - #if (_POSIX_C_SOURCE <= 2) && !defined(_XPG4_2) /* these flags are used by memcntl */ #define PROC_TEXT (PROT_EXEC | PROT_READ) #define PROC_DATA (PROT_READ | PROT_WRITE | PROT_EXEC) #define SHARED 0x10 --- 80,104 ---- #define MAP_PRIVATE 2 /* changes are private */ #define MAP_TYPE 0xf /* mask for share type */ /* other flags to mmap (or-ed in to MAP_SHARED or MAP_PRIVATE) */ #define MAP_FIXED 0x10 /* user assigns address */ + /* Not implemented */ + #define MAP_RENAME 0x20 /* rename private pages to file */ #define MAP_NORESERVE 0x40 /* don't reserve needed swap area */ + /* Note that 0x80 is _MAP_LOW32, defined below */ #define MAP_ANON 0x100 /* map anonymous pages directly */ #define MAP_ANONYMOUS MAP_ANON /* (source compatibility) */ #define MAP_ALIGN 0x200 /* addr specifies alignment */ #define MAP_TEXT 0x400 /* map code segment */ #define MAP_INITDATA 0x800 /* map data segment */ #ifdef _KERNEL #define _MAP_TEXTREPL 0x1000 + #define _MAP_RANDOMIZE 0x2000 #endif /* _KERNEL */ #if (_POSIX_C_SOURCE <= 2) && !defined(_XPG4_2) /* these flags are used by memcntl */ #define PROC_TEXT (PROT_EXEC | PROT_READ) #define PROC_DATA (PROT_READ | PROT_WRITE | PROT_EXEC) #define SHARED 0x10
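Review bot: `_MAP_RANDOMIZE` is added inside the `#ifdef _KERNEL` block without a comment, and nothing in this hunk shows whether the bit 0x2000 is rejected or masked when it arrives in a user-supplied mmap flags word. Hiding the name from userland headers does not stop a caller from passing the raw value. If the flag is meant to be set only by the kernel, say so at the definition, e.g. `#define _MAP_RANDOMIZE 0x2000 /* kernel-internal: randomise mapping address; never taken from user flags */`, and confirm that the syscall entry path enforces this (that code is outside this hunk). The neighbouring `_MAP_TEXTREPL` has the same undocumented status and could get a matching comment.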