Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/syscall/ppriv.c
          +++ new/usr/src/uts/common/syscall/ppriv.c
↓ open down ↓ 179 lines elided ↑ open up ↑
 180  180                  p->p_flag |= SNOCD;
 181  181                  mutex_exit(&p->p_lock);
 182  182          }
 183  183  
 184  184          /*
 185  185           * The basic_test privilege should not be removed from E;
 186  186           * if that has happened, then some programmer typically set the E/P to
 187  187           * empty. That is not portable.
 188  188           */
 189  189          if ((type == PRIV_EFFECTIVE || type == PRIV_PERMITTED) &&
 190      -            priv_basic_test >= 0 && !PRIV_ISASSERT(target, priv_basic_test)) {
      190 +            priv_basic_test >= 0 && !PRIV_ISMEMBER(target, priv_basic_test)) {
 191  191                  proc_t *p = curproc;
 192  192                  pid_t pid = p->p_pid;
 193  193                  char *fn = PTOU(p)->u_comm;
 194  194  
 195  195                  cmn_err(CE_WARN, "%s[%d]: setppriv: basic_test privilege "
 196  196                      "removed from E/P", fn, pid);
 197  197          }
 198  198  
 199  199          crset(p, cr);           /* broadcast to process threads */
 200  200  
↓ open down ↓ 221 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX