Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 62,71 ****
--- 62,72 ----
  #include <sys/pset.h>
  #include <sys/procfs_isa.h>
  #include <sys/priv.h>
  #include <sys/stat.h>
  #include <sys/param.h>
+ #include <sys/secflags.h>
  /*
   * System call interfaces for /proc.
   */
*** 396,405 ****
--- 397,417 ----
  uint32_t pr_setsize; /* size of privilege set */
  uint32_t pr_infosize; /* size of supplementary data */
  priv_chunk_t pr_sets[1]; /* array of sets */
  } prpriv_t;
+ #define PRSECFLAGS_VERSION_1 1
+ #define PRSECFLAGS_VERSION_CURRENT PRSECFLAGS_VERSION_1
+ typedef struct prsecflags {
+ uint32_t pr_version;
+ char pr_pad[4];
+ secflagset_t pr_effective;
+ secflagset_t pr_inherit;
+ secflagset_t pr_lower;
+ secflagset_t pr_upper;
+ } prsecflags_t;
+
  /*
   * Watchpoint interface. PCWATCH and /proc/<pid>/watch
   */
  typedef struct prwatch {
  uintptr_t pr_vaddr; /* virtual address of watched area */
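Review bot: `prsecflags_t` is the only structure in this stretch of the header whose members carry no comments, and the member that most needs one is `char pr_pad[4]`. The structure is presumably copied out to userland through /proc, so the code that fills it (outside this hunk) should zero the whole structure first so the pad bytes never expose stale kernel memory; writing the member as `char pr_pad[4]; /* reserved, must be zero */` puts that contract in the header. I would also add a block comment above the typedef, in the style of the watchpoint one below it, saying that consumers must compare `pr_version` with `PRSECFLAGS_VERSION_CURRENT` before interpreting the sets. The four `secflagset_t` members should get trailing comments like those on `prpriv_t`.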