il_7029-2 Cdiff usr/src/uts/common/os/proc.c

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


*** 157,161 ****
--- 157,173 ----
                          (pctx->free_op)(pctx->arg, isexec);
                  kmem_free(pctx, sizeof (struct pctxop));
          }
          kpreempt_enable();
  }
+ 
+ boolean_t
+ secflag_enabled(proc_t *p, secflag_t flag)
+ {
+         return (secflag_isset(p->p_secflags.psf_effective, flag));
+ }
+ 
+ void
+ secflags_promote(proc_t *p)
+ {
+         secflags_copy(&p->p_secflags.psf_effective, &p->p_secflags.psf_inherit);
+ }