7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

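--- a/usr/src/uts/common/os/proc.c
+++ b/usr/src/uts/common/os/proc.c
@@ -152,10 +152,22 @@
 
         kpreempt_disable();
         while ((pctx = p->p_pctx) != NULL) {
                 p->p_pctx = pctx->next;
                 if (pctx->free_op != NULL)
                         (pctx->free_op)(pctx->arg, isexec);
                 kmem_free(pctx, sizeof (struct pctxop));
         }
         kpreempt_enable();
 }
+
+boolean_t
+secflag_enabled(proc_t *p, secflag_t flag)
+{
+        return (secflag_isset(p->p_secflags.psf_effective, flag));
+}
+
+void
+secflags_promote(proc_t *p)
+{
+        secflags_copy(&p->p_secflags.psf_effective, &p->p_secflags.psf_inherit);
+}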
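Review bot: secflags_promote() replaces psf_effective with psf_inherit (assuming secflags_copy takes destination first), but has no comment saying when that is legitimate or which lock protects p_secflags, and nothing visible in this hunk serialises it against secflag_enabled() readers. The effective set decides which mitigations apply to the process, so I would add a block comment above it along the lines of `/* Replace the effective secflags with the inheritable set; caller must hold the lock protecting p_secflags. */`. If that lock turns out to be p->p_lock (not visible here), back the comment with `ASSERT(MUTEX_HELD(&p->p_lock));`. secflag_enabled() deserves one line stating that it tests the effective set only, so callers do not mistake it for a check of what a child will inherit.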
    