uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.

@@ -770,10 +770,34 @@
                         (void) strlcat(str, auxfl[i].af_name, n);
                 }
         }
 }
 
+static struct auxsecfl {
+        uint_t af_flag;
+        const char *af_name;
+} auxsecfl[] = {
+        { PROC_SEC_ASLR,        "aslr" },
+};
+
+/*ARGSUSED*/
+static void
+at_secflags(long val, char *instr, size_t n, char *str)
+{
+        int i;
+
+        *str = '\0';
+
+        for (i = 0; i < sizeof (auxsecfl)/sizeof (struct auxsecfl); i++) {
+                if ((val & auxsecfl[i].af_flag) != 0) {
+                        if (*str != '\0')
+                                (void) strlcat(str, ",", n);
+                        (void) strlcat(str, auxsecfl[i].af_name, n);
+                }
+        }
+}
+
 #define MAX_AT_NAME_LEN 15
 
 struct aux_id {
         int aux_type;
         const char *aux_name;
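Review bot: In at_secflags(), any bit set in `val` that has no entry in `auxsecfl[]` is dropped without a trace. An AT_SUN_SECFLAGS value carrying only flags this build does not know therefore prints as an empty string, the same as a process with no security flags at all. For a tool used to observe a process's hardening state that is misleading, so the leftover bits should be appended in hex after the named flags. The loop also compares `int i` against an unsigned `sizeof` quotient; an unsigned index and `sizeof (auxsecfl[0])` avoid the mixed-sign comparison. The function lies entirely inside this hunk; the rewritten lines are below.

```c
static void
at_secflags(long val, char *instr, size_t n, char *str)
{
        unsigned long rest = (unsigned long)val;
        char hex[2 + 2 * sizeof (unsigned long) + 1];
        uint_t i;

        /* … unchanged: *str = '\0' … */

        for (i = 0; i < sizeof (auxsecfl) / sizeof (auxsecfl[0]); i++) {
                if ((rest & auxsecfl[i].af_flag) != 0) {
                        /* … unchanged: separator and af_name strlcat … */
                        rest &= ~(unsigned long)auxsecfl[i].af_flag;
                }
        }

        /* Report bits the table has no name for instead of hiding them. */
        if (rest != 0) {
                (void) snprintf(hex, sizeof (hex), "0x%lx", rest);
                if (*str != '\0')
                        (void) strlcat(str, ",", n);
                (void) strlcat(str, hex, n);
        }
}
```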

@@ -810,11 +834,12 @@
         { AT_SUN_AUXFLAGS,      "AT_SUN_AUXFLAGS",      at_flags },
         { AT_SUN_EMULATOR,      "AT_SUN_EMULATOR",      at_str  },
         { AT_SUN_BRANDNAME,     "AT_SUN_BRANDNAME",     at_str  },
         { AT_SUN_BRAND_AUX1,    "AT_SUN_BRAND_AUX1",    at_null },
         { AT_SUN_BRAND_AUX2,    "AT_SUN_BRAND_AUX2",    at_null },
-        { AT_SUN_BRAND_AUX3,    "AT_SUN_BRAND_AUX3",    at_null }
+        { AT_SUN_BRAND_AUX3,    "AT_SUN_BRAND_AUX3",    at_null },
+        { AT_SUN_SECFLAGS,      "AT_SUN_SECFLAGS",      at_secflags },
 };
 
 #define N_AT_ENTS (sizeof (aux_arr) / sizeof (struct aux_id))
 
 /*