uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
@@ -770,10 +770,34 @@
(void) strlcat(str, auxfl[i].af_name, n);
}
}
}
+static struct auxsecfl {
+ uint_t af_flag;
+ const char *af_name;
+} auxsecfl[] = {
+ { PROC_SEC_ASLR, "aslr" },
+};
+
+/*ARGSUSED*/
+static void
+at_secflags(long val, char *instr, size_t n, char *str)
+{
+ int i;
+
+ *str = '\0';
+
+ for (i = 0; i < sizeof (auxsecfl)/sizeof (struct auxsecfl); i++) {
+ if ((val & auxsecfl[i].af_flag) != 0) {
+ if (*str != '\0')
+ (void) strlcat(str, ",", n);
+ (void) strlcat(str, auxsecfl[i].af_name, n);
+ }
+ }
+}
+
#define MAX_AT_NAME_LEN 15
struct aux_id {
int aux_type;
const char *aux_name;
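Review bot: Bits set in `val` that have no entry in `auxsecfl` are silently dropped by `at_secflags`, so an aux vector carrying a security flag this build does not know prints the same as one without it. For a tool meant to observe a process's security settings, it would be safer to clear each matched bit and append whatever remains in hex, as sketched below. The loop index would also read better as `size_t i`, since it is compared against a `sizeof` quotient, and the table presumably relies on `PROC_SEC_ASLR` being a bit mask rather than a bit number, which the hunk does not show.

```c
at_secflags(long val, char *instr, size_t n, char *str)
{
	/* … unchanged: declaration of i and *str = '\0' … */
	ulong_t rest = (ulong_t)val;

	for (i = 0; i < sizeof (auxsecfl)/sizeof (struct auxsecfl); i++) {
		if ((val & auxsecfl[i].af_flag) != 0) {
			/* … unchanged: separator and name appended with strlcat … */
			rest &= ~(ulong_t)auxsecfl[i].af_flag;
		}
	}

	/* Show bits with no table entry instead of hiding them. */
	if (rest != 0) {
		char hex[2 + 2 * sizeof (rest) + 1];

		(void) snprintf(hex, sizeof (hex), "0x%lx", rest);
		if (*str != '\0')
			(void) strlcat(str, ",", n);
		(void) strlcat(str, hex, n);
	}
}
```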
@@ -810,11 +834,12 @@
{ AT_SUN_AUXFLAGS, "AT_SUN_AUXFLAGS", at_flags },
{ AT_SUN_EMULATOR, "AT_SUN_EMULATOR", at_str },
{ AT_SUN_BRANDNAME, "AT_SUN_BRANDNAME", at_str },
{ AT_SUN_BRAND_AUX1, "AT_SUN_BRAND_AUX1", at_null },
{ AT_SUN_BRAND_AUX2, "AT_SUN_BRAND_AUX2", at_null },
- { AT_SUN_BRAND_AUX3, "AT_SUN_BRAND_AUX3", at_null }
+ { AT_SUN_BRAND_AUX3, "AT_SUN_BRAND_AUX3", at_null },
+ { AT_SUN_SECFLAGS, "AT_SUN_SECFLAGS", at_secflags },
};
#define N_AT_ENTS (sizeof (aux_arr) / sizeof (struct aux_id))
/*