Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/praudit/token.c
          +++ new/usr/src/cmd/praudit/token.c
↓ open down ↓ 2338 lines elided ↑ open up ↑
2339 2339          /* privilege type: */
2340 2340          returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
2341 2341  
2342 2342          /* Done with attributes; force end of token open */
2343 2343          if (returnstat == 0)
2344 2344                  returnstat = finish_open_tag(context);
2345 2345  
2346 2346          /* privilege: */
2347 2347          return (pa_adr_string(context, returnstat, 1));
2348 2348  }
     2349 +
     2350 +/*
     2351 + * -----------------------------------------------------------------------
     2352 + * secflags_token()     : Process privilege token and display contents
     2353 + * return codes         : -1 - error
     2354 + *                      :  0 - successful
     2355 + * NOTE: At the time of call, the secflags token id has been retrieved
     2356 + *
     2357 + * Format of secflags token:
     2358 + *      secflags token id       adr_char
     2359 + *      secflag set name        adr_string
     2360 + *      secflags                adr_string
     2361 + * -----------------------------------------------------------------------
     2362 + */
     2363 +int
     2364 +secflags_token(pr_context_t *context)
     2365 +{
     2366 +        int     returnstat;
     2367 +
     2368 +        /* Set name */
     2369 +        returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
     2370 +
     2371 +        /* Done with attributes; force end of token open */
     2372 +        if (returnstat == 0)
     2373 +                returnstat = finish_open_tag(context);
     2374 +
     2375 +        /* set */
     2376 +        return (pa_adr_string(context, returnstat, 1));
     2377 +}
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX