secflag-zone-defaults Wdiff usr/src/man/man5/security-flags.5

Print this page

smf: switch to a tri-state for process-security properties true=on,false=off,nil=default

Split	Close
Expand all
Collapse all

          --- old/usr/src/man/man5/security-flags.5
          +++ new/usr/src/man/man5/security-flags.5

   1    1  .\"
   2    2  .\" This file and its contents are supplied under the terms of the
   3    3  .\" Common Development and Distribution License ("CDDL"), version 1.0.
   4    4  .\" You may only use this file in accordance with the terms of version
   5    5  .\" 1.0 of the CDDL.
   6    6  .\"
   7    7  .\" A full copy of the text of the CDDL should have accompanied this
   8    8  .\" source.  A copy of the CDDL is also available via the Internet at
   9    9  .\" http://www.illumos.org/license/CDDL.
  10   10  .\"
  11   11  .\" Copyright 2015, Richard Lowe.
  12   12  .\"
  13   13  .TH "SECURITY-FLAGS" "5" "June 6, 2016"
  14   14  .SH "NAME"
  15   15  \fBsecurity-flags\fR - process security flags
  16   16  .SH "DESCRIPTION"
  17   17  Each process on an illumos system has an associated set of security-flags
  18   18  which describe additional per-process security and exploit mitigation
  19   19  features which are enabled for that process.
  20   20  .P
  21   21  There are four sets of these flags for each process, the effective set
  22   22  (abbreviated \fIE\fR) are the set which currently apply to the process and are
  23   23  immutable. The inheritable set (abbreviated \fII\fR) are the flags which will
  24   24  become effective the next time the process calls one of the \fBexec(2)\fR
  25   25  family of functions, and will be inherited as both the effective and
  26   26  inheritable sets by any child processes. The upper set (abbreviated \fIU\fR)
  27   27  specify the maximal flags that a process can have in its inheritable set.  The
  28   28  lower set (abbreviated \fIL\fR) specify the minimal amount of flags that a
  29   29  process must have in its inheritable set.  The inheritable set may be changed
  30   30  at any time, subject to permissions and the lower and upper sets.
  31   31  .P
  32   32  To change the security-flags of a process one must have both permissions
  33   33  equivalent to those required to send a signal to the process and have the
  34   34  \fBPRIV_PROC_SECFLAGS\fR privilege.
  35   35  .P
  36   36  Currently available features are:
  37   37  
  38   38  .sp
  39   39  .ne 2
  40   40  .na
  41   41  Address Space Layout Randomisation (\fBASLR\fR)
  42   42  .ad
  43   43  .RS 11n
  44   44  The base addresses of the stack, heap and shared library (including
  45   45  \fBld.so\fR) mappings are randomised, the bases of mapped regions other than
  46   46  those using \fBMAP_FIXED\fR are randomised.
  47   47  .P
  48   48  Currently, executable base addresses are \fInot\fR randomised, due to which
  49   49  the mitigation provided by this feature is currently limited.
  50   50  .P
  51   51  This flag may also be enabled by the presence of the \fBDT_SUNW_ASLR\fR
  52   52  dynamic tag in the \fB.dynamic\fR section of the executable file. If this
  53   53  tag has a value of 1, ASLR will be enabled. If the flag has a value of
  54   54  \fB0\fR ASLR will be disabled. If the tag is not present, the value of the
  55   55  ASLR flag will be inherited as normal.
  56   56  .RE
  57   57  
  58   58  .sp
  59   59  .ne 2
  60   60  .na
  61   61  Forbid mappings at NULL (\fBFORBIDNULLMAP\fR)
  62   62  .ad
  63   63  .RS 11n
  64   64  Mappings with an address of 0 are forbidden, and return EINVAL rather than
  65   65  being honored.
  66   66  .RE
  67   67  
  68   68  .sp
  69   69  .ne 2
  70   70  .na

↓ open down ↓

70 lines elided

↑ open up ↑

  71   71  Make the userspace stack non-executable (\fBNOEXECSTACK\fR)
  72   72  .ad
  73   73  .RS 11n
  74   74  The stack will be mapped without executable permission, and attempts to
  75   75  execute it will fault.
  76   76  .RE
  77   77  
  78   78  System default security-flags are configured via properties on the
  79   79  \fBsvc:/system/process-security\fR service, which contains a boolean property
  80   80  per-flag in the \fBdefault\fR, \fBlower\fR and \fBupper\fR, property groups.
  81      -For example, to enable ASLR by default you would execute the following
  82      -commands:
       81 +The value indicates the setting of the flag, flags with no value take their
       82 +defaults.  For example, to enable ASLR by default you would execute the
       83 +following commands:
  83   84  .sp
  84   85  .in +2
  85   86  .nf
  86   87  # svccfg -s svc:/system/process-security setprop default/aslr = true
  87   88  .fi
  88   89  .in -2
  89   90  .sp
  90   91  .P
       92 +To restore the setting to the defaults you would execute:
       93 +.sp
       94 +.in +2
       95 +.nf
       96 +# svccfg -s svc:/system/process-security delpropvalue default/aslr true
       97 +.fi
       98 +.in -2
       99 +.sp
      100 +.P
  91  101  This can be done by any user with the \fBsolaris.smf.value.process-security\fR
  92  102  authorization.
  93  103  .P
  94  104  Since security-flags are strictly inherited, this will not take effect until
  95  105  the system or zone is next booted.
  96  106  
  97  107  .SH "SEE ALSO"
  98  108  .BR psecflags (1),
  99  109  .BR svccfg (1M),
 100  110  .BR brk (2),
 101  111  .BR exec (2),
 102  112  .BR mmap (2),
 103  113  .BR mmapobj (2),
 104  114  .BR privileges (5),
 105  115  .BR rbac (5)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX