Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libproc/common/Pgcore.c
          +++ new/usr/src/lib/libproc/common/Pgcore.c
↓ open down ↓ 1410 lines elided ↑ open up ↑
1411 1411  
1412 1412          {
1413 1413                  fditer_t iter;
1414 1414                  iter.fd_fd = fd;
1415 1415                  iter.fd_doff = &doff;
1416 1416  
1417 1417                  if (Pfdinfo_iter(P, iter_fd, &iter) != 0)
1418 1418                          goto err;
1419 1419          }
1420 1420  
     1421 +
     1422 +        {
     1423 +                prsecflags_t *psf = NULL;
     1424 +
     1425 +                if (Psecflags(P, &psf) != 0)
     1426 +                        goto err;
     1427 +
     1428 +                if (write_note(fd, NT_SECFLAGS, psf,
     1429 +                    sizeof (prsecflags_t), &doff) != 0) {
     1430 +                        Psecflags_free(psf);
     1431 +                        goto err;
     1432 +                }
     1433 +
     1434 +                Psecflags_free(psf);
     1435 +        }
     1436 +
1421 1437  #if defined(__i386) || defined(__amd64)
1422 1438          /* CSTYLED */
1423 1439          {
1424 1440                  struct ssd *ldtp;
1425 1441                  size_t size;
1426 1442                  int nldt;
1427 1443  
1428 1444                  /*
1429 1445                   * Only dump out non-zero sized LDT notes.
1430 1446                   */
↓ open down ↓ 63 lines elided ↑ open up ↑
1494 1510          free(pgc.pgc_chunk);
1495 1511  
1496 1512          return (0);
1497 1513  
1498 1514  err:
1499 1515          /*
1500 1516           * Wipe out anything we may have written if there was an error.
1501 1517           */
1502 1518          (void) ftruncate64(fd, 0);
1503 1519          free(pgc.pgc_chunk);
     1520 +
1504 1521          return (-1);
1505 1522  }
1506 1523  
1507 1524  static const char *content_str[] = {
1508 1525          "stack",        /* CC_CONTENT_STACK */
1509 1526          "heap",         /* CC_CONTENT_HEAP */
1510 1527          "shfile",       /* CC_CONTENT_SHFILE */
1511 1528          "shanon",       /* CC_CONTENT_SHANON */
1512 1529          "text",         /* CC_CONTENT_TEXT */
1513 1530          "data",         /* CC_CONTENT_DATA */
↓ open down ↓ 142 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX