uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool, psecflags(1), to control and observe it.
@@ -434,10 +434,11 @@
union {
Conv_cap_val_hw1_buf_t hw1;
Conv_cap_val_hw2_buf_t hw2;
Conv_cnote_auxv_af_buf_t auxv_af;
Conv_ehdr_flags_buf_t ehdr_flags;
+ Conv_secflags_buf_t secflags;
Conv_inv_buf_t inv;
} conv_buf;
sl_fmtbuf_t buf;
int ndx, ndx_start;
Word sizeof_auxv;
@@ -485,10 +486,15 @@
case AT_IGNORE:
case AT_SUN_IFLUSH:
num_fmt = SL_FMT_NUM_HEX;
break;
+ case AT_SUN_SECFLAGS:
+ w = extract_as_word(state, &layout->a_val);
+ vstr = conv_psecflags(w, 0, &conv_buf.secflags);
+ break;
+
case AT_EXECFD:
case AT_PHENT:
case AT_PHNUM:
case AT_PAGESZ:
case AT_SUN_UID:
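Review bot: The new `AT_SUN_SECFLAGS` case sets only `vstr` and leaves `num_fmt` at whatever value it had on entry to the switch, while the case directly above sets `num_fmt = SL_FMT_NUM_HEX;` explicitly. Since the value is a flag bitmask, adding `num_fmt = SL_FMT_NUM_HEX;` before the `break;` would keep it readable if the numeric value is printed alongside or instead of the string. How `vstr` and `num_fmt` are consumed lies outside the hunk, so this needs confirming against the rest of the function. The blank line after this case's `break;` is also not used between the neighbouring cases.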
@@ -825,10 +831,30 @@
MSG_ORIG(MSG_CNOTE_T_TV_NSEC), tv_nsec);
indent_exit(state);
}
+/*
+ * Output information from psecflags_t structure.
+ */
+static void
+dump_secflags(note_state_t *state, const char *title)
+{
+ const sl_psecflags_layout_t *layout = state->ns_arch->psecflags;
+ Conv_secflags_buf_t inv;
+ Word w;
+
+ indent_enter(state, title, &layout->psf_effective);
+
+ w = extract_as_word(state, &layout->psf_effective);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PSF_EFFECTIVE),
+ conv_psecflags(w, 0, &inv));
+
+ w = extract_as_word(state, &layout->psf_inherit);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PSF_INHERIT),
+ conv_psecflags(w, 0, &inv));
+}
/*
* Output information from utsname structure.
*/
static void
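Review bot: dump_secflags() calls `indent_enter(state, title, &layout->psf_effective);` but returns without a matching `indent_exit(state);`, whereas the function that ends just above the added code closes with one. If the two calls are meant to be paired, the indent level stays raised after the secflags sub-struct is printed, and the pr_lwp sub-struct dumped right after it (see the PRINT_SUBTYPE call added later in this change) would be misaligned; add `indent_exit(state);` as the last statement. The two `extract_as_word()` reads take their offsets from the layout table and the bytes come from a core-file note, so it is worth confirming that the caller rejects a note too short to hold the psecflags fields before this function runs. That check is not visible in the hunk.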
@@ -1095,10 +1121,14 @@
* higher one for the pr_lwp sub-struct.
*/
state->ns_vcol += 5;
state->ns_t2col += 5;
state->ns_v2col += 5;
+
+ PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_SECFLAGS), pr_secflags,
+ dump_secflags);
+
PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_LWP), pr_lwp, dump_lwpstatus);
state->ns_vcol -= 5;
state->ns_t2col -= 5;
state->ns_v2col -= 5;
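Review bot: The comment above the column adjustment names only the pr_lwp sub-struct, yet the new `PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_SECFLAGS), pr_secflags, dump_secflags);` call sits inside the region where ns_vcol, ns_t2col and ns_v2col are raised by 5. If secflags is meant to share the wider columns, extend the comment to say so, for example `higher one for the pr_secflags and pr_lwp sub-structs.`; if not, move the call above the `+= 5` lines. The comment and the enclosing function both start outside the hunk.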