Print this page
smf: switch to a tri-state for process-security properties true=on,false=off,nil=default

*** 56,72 **** The stack will be mapped without executable permission, and attempts to execute it will fault. System default security-flags are configured via properties on the svc:/system/process-security service, which contains a boolean property ! per-flag in the default, lower and upper, property groups. For ! example, to enable ASLR by default you would execute the following ! commands: # svccfg -s svc:/system/process-security setprop default/aslr = true This can be done by any user with the solaris.smf.value.process- security authorization. Since security-flags are strictly inherited, this will not take effect until the system or zone is next booted. --- 56,78 ---- The stack will be mapped without executable permission, and attempts to execute it will fault. System default security-flags are configured via properties on the svc:/system/process-security service, which contains a boolean property ! per-flag in the default, lower and upper, property groups. The value ! indicates the setting of the flag, flags with no value take their ! defaults. For example, to enable ASLR by default you would execute the ! following commands: # svccfg -s svc:/system/process-security setprop default/aslr = true + To restore the setting to the defaults you would execute: + + # svccfg -s svc:/system/process-security delpropvalue default/aslr true + + This can be done by any user with the solaris.smf.value.process- security authorization. Since security-flags are strictly inherited, this will not take effect until the system or zone is next booted.