SECURITY-FLAGS(5) Standards, Environments, and Macros SECURITY-FLAGS(5)

NAME

security-flags - process security flags

DESCRIPTION

Each process on an illumos system has an associated set of security-flags which describe additional per-process security and exploit mitigation features which are enabled for that process.

There are two sets of these flags for each process, the effective set (abbreviated E) are the set which currently apply to the process and are immutable. The inheritable set (abbreviated I) are the flags which will become effective the next time the process calls one of the exec(2) family of functions, and will be inherited as both the effective and inheritable sets by any child processes. The inheritable set may be changed at any time, subject to permissions.

To change the security-flags of a process one must have both permissions equivalent to those required to send a signal to the process and have the PRIV_PROC_SECFLAGS privilege.

Currently available features are:

 
 
Address Space Layout Randomisation (ASLR)
The base addresses of the stack, heap and shared library (including ld.so) mappings are randomised, the bases of mapped regions other than those using MAP_FIXED are randomised.

Currently, executable base addresses are not randomised, due to which the mitigation provided by this feature is currently limited.

This flag may also be enabled by the presence of the DT_SUNW_ASLR dynamic tag in the .dynamic section of the executable file. If this tag has a value of 1, ASLR will be enabled. If the flag has a value of 0 ASLR will be disabled. If the tag is not present, the value of the ASLR flag will be inherited as normal.

 
System default security-flags are configured via properties on the svc:/system/process-security service, which contains a boolean property per-flag in the secflags property group. For example, to enable ASLR by default you would execute the following commands:
 


# svccfg -s svc:/system/process-security setprop secflags/aslr = true

 

This can be done by any user with the solaris.smf.value.process-security authorization.

Since security-flags are strictly inherited, this will not take effect until the system or zone is next booted.

 

SEE ALSO

psecflags(1), svccfg(1M), brk(2), exec(2), mmap(2), mmapobj(2), privileges(5), rbac(5)
May 5, 2014