Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -92,20 +92,21 @@
         }
         mutex_exit(&fip->fi_lock);
 
         v[0].p_type = PT_NOTE;
         v[0].p_flags = PF_R;
-        v[0].p_filesz = (sizeof (Note) * (9 + 2 * nlwp + nzomb + nfd))
+        v[0].p_filesz = (sizeof (Note) * (10 + 2 * nlwp + nzomb + nfd))
             + roundup(sizeof (psinfo_t), sizeof (Word))
             + roundup(sizeof (pstatus_t), sizeof (Word))
             + roundup(prgetprivsize(), sizeof (Word))
             + roundup(priv_get_implinfo_size(), sizeof (Word))
             + roundup(strlen(platform) + 1, sizeof (Word))
             + roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word))
             + roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word))
             + roundup(sizeof (utsname), sizeof (Word))
             + roundup(sizeof (core_content_t), sizeof (Word))
+            + roundup(sizeof (prsecflags_t), sizeof (Word))
             + (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word))
             + nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word))
             + nfd * roundup(sizeof (prfdinfo_t), sizeof (Word));
 
         if (curproc->p_agenttp != NULL) {

@@ -180,10 +181,11 @@
                 aux_entry_t     auxv[__KERN_NAUXV_IMPL];
                 prcred_t        pcred;
                 prpriv_t        ppriv;
                 priv_impl_info_t prinfo;
                 struct utsname  uts;
+                prsecflags_t    psecflags;
         } *bigwad;
 
         size_t xregsize = prhasx(p)? prgetprxregsize(p) : 0;
         size_t crsize = sizeof (prcred_t) + sizeof (gid_t) * (ngroups_max - 1);
         size_t psize = prgetprivsize();

@@ -285,10 +287,16 @@
         error = elfnote(vp, &offset, NT_UTSNAME, sizeof (struct utsname),
             (caddr_t)&bigwad->uts, rlimit, credp);
         if (error)
                 goto done;
 
+        prgetsecflags(p, &bigwad->psecflags);
+        error = elfnote(vp, &offset, NT_SECFLAGS, sizeof (prsecflags_t),
+            (caddr_t)&bigwad->psecflags, rlimit, credp);
+        if (error)
+                goto done;
+
         prgetcred(p, &bigwad->pcred);
 
         if (bigwad->pcred.pr_ngroups != 0) {
                 crsize = sizeof (prcred_t) +
                     sizeof (gid_t) * (bigwad->pcred.pr_ngroups - 1);