7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


  55 SKIP            ^usr/lib/MACH(iconv)/geniconvtbl.so$    # 4384329
  56 
  57 # picl file exclusions (4385799)
  58 SKIP            ^usr/platform/.*/libpsvcplugin_psr\.so\.1
  59 SKIP            ^usr/platform/.*/libpsvcpolicy_psr\.so\.1
  60 SKIP            ^usr/platform/.*/libpsvcpolicy\.so\.1
  61 SKIP            ^usr/lib/sysevent/modules/picl_slm.so$
  62 
  63 # Objects that are allowed to have executable data segments
  64 EXEC_DATA       ^MACH(lib)/ld\.so\.1$
  65 EXEC_DATA       ^lib/libc\.so\.1$       # 6524709, 32-bit, needed for x86 only
  66 EXEC_DATA       ^lib/amd64/libumem\.so\.1$ # ptcumem
  67 EXEC_DATA       ^lib/libumem\.so\.1$    # ptcumem
  68 EXEC_DATA       ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
  69 EXEC_DATA       ^platform/.*/MACH(kernel)/unix$
  70 EXEC_DATA       ^platform/.*/multiboot$
  71 
  72 # Objects that are allowed to have an executable stack
  73 EXEC_STACK      ^platform/.*/MACH(kernel)/unix$
  74 EXEC_STACK      ^platform/.*/multiboot$

  75 
  76 # Objects for which we allow relocations to the text segment
  77 TEXTREL         ^platform/.*/MACH(kernel)/unix$
  78 
  79 # Directories and files that are allowed to have no direct bound symbols
  80 NODIRECT        ^platform/.*/MACH(kernel)/unix$
  81 NODIRECT        ^usr/ucb
  82 NODIRECT        ^usr/4lib/sbcp$
  83 
  84 # Identify any files that should be skipped when building a crle(1)
  85 # configuration file.  As the hwcap libraries can be loop-back mounted onto
  86 # libc, these can confuse crle(1) because of their identical dev/inode.
  87 NOCRLEALT       ^usr/lib/libc/libc_hwcap[1-3].so.1$
  88 
  89 # Files that should contain debugging information.
  90 STAB    ^platform/.*/MACH(kernel)/unix$
  91 
  92 # Files that are allowed undefined references
  93 UNDEF_REF       ^usr/lib/libnisdb\.so\.2$
  94 UNDEF_REF       ^usr/snadm/lib/libsvm\.so\.1$




  55 SKIP            ^usr/lib/MACH(iconv)/geniconvtbl.so$    # 4384329
  56 
  57 # picl file exclusions (4385799)
  58 SKIP            ^usr/platform/.*/libpsvcplugin_psr\.so\.1
  59 SKIP            ^usr/platform/.*/libpsvcpolicy_psr\.so\.1
  60 SKIP            ^usr/platform/.*/libpsvcpolicy\.so\.1
  61 SKIP            ^usr/lib/sysevent/modules/picl_slm.so$
  62 
  63 # Objects that are allowed to have executable data segments
  64 EXEC_DATA       ^MACH(lib)/ld\.so\.1$
  65 EXEC_DATA       ^lib/libc\.so\.1$       # 6524709, 32-bit, needed for x86 only
  66 EXEC_DATA       ^lib/amd64/libumem\.so\.1$ # ptcumem
  67 EXEC_DATA       ^lib/libumem\.so\.1$    # ptcumem
  68 EXEC_DATA       ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
  69 EXEC_DATA       ^platform/.*/MACH(kernel)/unix$
  70 EXEC_DATA       ^platform/.*/multiboot$
  71 
  72 # Objects that are allowed to have an executable stack
  73 EXEC_STACK      ^platform/.*/MACH(kernel)/unix$
  74 EXEC_STACK      ^platform/.*/multiboot$
  75 EXEC_STACK      ^opt/os-tests/tests/secflags/stacky$
  76 
  77 # Objects for which we allow relocations to the text segment
  78 TEXTREL         ^platform/.*/MACH(kernel)/unix$
  79 
  80 # Directories and files that are allowed to have no direct bound symbols
  81 NODIRECT        ^platform/.*/MACH(kernel)/unix$
  82 NODIRECT        ^usr/ucb
  83 NODIRECT        ^usr/4lib/sbcp$
  84 
  85 # Identify any files that should be skipped when building a crle(1)
  86 # configuration file.  As the hwcap libraries can be loop-back mounted onto
  87 # libc, these can confuse crle(1) because of their identical dev/inode.
  88 NOCRLEALT       ^usr/lib/libc/libc_hwcap[1-3].so.1$
  89 
  90 # Files that should contain debugging information.
  91 STAB    ^platform/.*/MACH(kernel)/unix$
  92 
  93 # Files that are allowed undefined references
  94 UNDEF_REF       ^usr/lib/libnisdb\.so\.2$
  95 UNDEF_REF       ^usr/snadm/lib/libsvm\.so\.1$
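Review bot: The added `EXEC_STACK ^opt/os-tests/tests/secflags/stacky$` entry (new line 75) has no comment recording why the object is exempt, whereas the `libc.so.1` EXEC_DATA entry states its bug id and scope. This list suppresses a hardening check, so each exemption should carry its reason. Presumably the binary is a test fixture that deliberately requests an executable stack to exercise the noexec_user_stack secflag; if so, a trailing comment such as `# 7031, test fixture: executable stack is intentional` would make that auditable. The pattern is anchored to a single path, which keeps the exemption narrow; it should stay that way rather than being widened to the whole test directory.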