smf: switch to a tri-state for process-security properties true=on,false=off,nil=default
--- old/usr/src/man/man5/security-flags.5.man.txt
+++ new/usr/src/man/man5/security-flags.5.man.txt
1 1 SECURITY-FLAGS(5) Standards, Environments, and Macros SECURITY-FLAGS(5)
2 2
3 3
4 4
5 5 NAME
6 6 security-flags - process security flags
7 7
8 8 DESCRIPTION
9 9 Each process on an illumos system has an associated set of security-
10 10 flags which describe additional per-process security and exploit
11 11 mitigation features which are enabled for that process.
12 12
13 13 There are four sets of these flags for each process, the effective set
14 14 (abbreviated E) are the set which currently apply to the process and
15 15 are immutable. The inheritable set (abbreviated I) are the flags which
16 16 will become effective the next time the process calls one of the
17 17 exec(2) family of functions, and will be inherited as both the
18 18 effective and inheritable sets by any child processes. The upper set
19 19 (abbreviated U) specify the maximal flags that a process can have in
20 20 its inheritable set. The lower set (abbreviated L) specify the minimal
21 21 amount of flags that a process must have in its inheritable set. The
22 22 inheritable set may be changed at any time, subject to permissions and
23 23 the lower and upper sets.
24 24
25 25 To change the security-flags of a process one must have both
26 26 permissions equivalent to those required to send a signal to the
27 27 process and have the PRIV_PROC_SECFLAGS privilege.
28 28
29 29 Currently available features are:
30 30
31 31
32 32 Address Space Layout Randomisation (ASLR)
33 33 The base addresses of the stack, heap and shared library
34 34 (including ld.so) mappings are randomised, the bases of
35 35 mapped regions other than those using MAP_FIXED are
36 36 randomised.
37 37
38 38 Currently, executable base addresses are not randomised, due
39 39 to which the mitigation provided by this feature is
40 40 currently limited.
41 41
42 42 This flag may also be enabled by the presence of the
43 43 DT_SUNW_ASLR dynamic tag in the .dynamic section of the
44 44 executable file. If this tag has a value of 1, ASLR will be
45 45 enabled. If the flag has a value of 0 ASLR will be disabled.
46 46 If the tag is not present, the value of the ASLR flag will
47 47 be inherited as normal.
48 48
49 49
50 50 Forbid mappings at NULL (FORBIDNULLMAP)
51 51 Mappings with an address of 0 are forbidden, and return
52 52 EINVAL rather than being honored.
53 53
54 54
55 55 Make the userspace stack non-executable (NOEXECSTACK)
56 56 The stack will be mapped without executable permission, and
57 57 attempts to execute it will fault.
58 58
59 59 System default security-flags are configured via properties on the
60 60 svc:/system/process-security service, which contains a boolean property
61 - per-flag in the default, lower and upper, property groups. For
62 - example, to enable ASLR by default you would execute the following
63 - commands:
61 + per-flag in the default, lower and upper, property groups. The value
62 + indicates the setting of the flag, flags with no value take their
63 + defaults. For example, to enable ASLR by default you would execute the
64 + following commands:
64 65
65 66 # svccfg -s svc:/system/process-security setprop default/aslr = true
66 67
67 68
69 + To restore the setting to the defaults you would execute:
70 +
71 + # svccfg -s svc:/system/process-security delpropvalue default/aslr true
72 +
73 +
68 74 This can be done by any user with the solaris.smf.value.process-
69 75 security authorization.
70 76
71 77 Since security-flags are strictly inherited, this will not take effect
72 78 until the system or zone is next booted.
73 79
74 80
75 81 SEE ALSO
76 82 psecflags(1), svccfg(1M), brk(2), exec(2), mmap(2), mmapobj(2),
77 83 privileges(5), rbac(5)
78 84
79 85
80 86
81 87 June 6, 2016 SECURITY-FLAGS(5)
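Review bot: The restore example at new line 71 passes the literal value true to delpropvalue, so it only undoes the setprop shown just above it. Since delpropvalue removes only values matching the given pattern, a flag that an administrator had set to false would keep its value. Consider saying that the argument must match the current value, or showing a pattern that matches any value. The text should also state what the default is when a flag has no value, since "flags with no value take their defaults" does not say where those defaults come from. Smaller points: the sentence added at new lines 61-63 is a comma splice, the description still calls the property "boolean" although it now has three states, and the footer date (June 6, 2016) is unchanged in the context lines even though the page content changed.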