uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.

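--- a/usr/src/uts/common/sys/mman.h
+++ b/usr/src/uts/common/sys/mman.h
@@ -75,34 +75,35 @@
 
 #define PROT_NONE       0x0             /* pages cannot be accessed */
 
 /* sharing types:  must choose either SHARED or PRIVATE */
 #define MAP_SHARED      1               /* share changes */
 #define MAP_PRIVATE     2               /* changes are private */
 #define MAP_TYPE        0xf             /* mask for share type */
 
 /* other flags to mmap (or-ed in to MAP_SHARED or MAP_PRIVATE) */
 #define MAP_FIXED       0x10            /* user assigns address */
+/* Not implemented */
+#define MAP_RENAME      0x20            /* rename private pages to file */
 #define MAP_NORESERVE   0x40            /* don't reserve needed swap area */
+/* Note that 0x80 is _MAP_LOW32, defined below */
 #define MAP_ANON        0x100           /* map anonymous pages directly */
 #define MAP_ANONYMOUS   MAP_ANON        /* (source compatibility) */
 #define MAP_ALIGN       0x200           /* addr specifies alignment */
 #define MAP_TEXT        0x400           /* map code segment */
 #define MAP_INITDATA    0x800           /* map data segment */
 
 #ifdef _KERNEL
 #define _MAP_TEXTREPL   0x1000
+#define _MAP_RANDOMIZE  0x2000
 #endif /* _KERNEL */
 
-/* these flags not yet implemented */
-#define MAP_RENAME      0x20            /* rename private pages to file */
-
 #if     (_POSIX_C_SOURCE <= 2) && !defined(_XPG4_2)
 /* these flags are used by memcntl */
 #define PROC_TEXT       (PROT_EXEC | PROT_READ)
 #define PROC_DATA       (PROT_READ | PROT_WRITE | PROT_EXEC)
 #define SHARED          0x10
 #define PRIVATE         0x20
 #define VALID_ATTR  (PROT_READ|PROT_WRITE|PROT_EXEC|SHARED|PRIVATE)
 #endif  /* (_POSIX_C_SOURCE <= 2) && !defined(_XPG4_2) */
 
 #if     (_POSIX_C_SOURCE <= 2) || defined(_XPG4_2)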
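Review bot: `_MAP_RANDOMIZE` (new line 97) is defined without any comment, although it takes a bit in the same flag word that userland passes to mmap(2). The `#ifdef _KERNEL` guard hides only the name: a process can still pass the raw value 0x2000, so whether a caller can influence randomisation depends on the mmap entry path rejecting or masking kernel-private bits, and that code is not visible in this section. I would state the contract at the definition, for example `#define _MAP_RANDOMIZE  0x2000  /* kernel-private: randomise mapping base; never accepted from userland */`, and confirm that the syscall's flag validation covers it alongside `_MAP_TEXTREPL`. As a smaller style point, the standalone `/* Not implemented */` above `MAP_RENAME` could be read as applying to the flags that follow it; folding it into the trailing comment on that line would remove the ambiguity.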