Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

@@ -65,10 +65,11 @@
 #include <sys/tspriocntl.h>
 #include <sys/iapriocntl.h>
 #include <sys/rtpriocntl.h>
 #include <sys/fsspriocntl.h>
 #include <sys/fxpriocntl.h>
+#include <sys/proc.h>
 #include <netdb.h>
 #include <nss_dbdefs.h>
 #include <sys/socketvar.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>

@@ -1598,10 +1599,60 @@
 
         prt_dec(pri, 0, PC_KY_NULL);
 }
 
 /*
+ * Print a psecflags(2) command
+ */
+void
+prt_psfcmd(private_t *pri, int raw, long val)
+{
+        const char *s = NULL;
+
+        if (raw == 0) {
+                switch ((psecflags_cmd_t)val) {
+                case PSECFLAGS_SET:
+                        s = "PSECFLAGS_SET";
+                        break;
+                case PSECFLAGS_DISABLE:
+                        s = "PSECFLAGS_DISABLE";
+                        break;
+                case PSECFLAGS_ENABLE:
+                        s = "PSECFLAGS_ENABLE";
+                        break;
+                }
+        }
+
+        if (s == NULL)
+                prt_dec(pri, 0, val);
+        else
+                outstring(pri, s);
+}
+
+void
+prt_psflags(private_t *pri, int raw, long val)
+{
+        char *str = pri->code_buf;
+
+        if (raw == 1) {
+                prt_hex(pri, 0, val);
+                return;
+        }
+
+        *str = '\0';
+        if (val & PROC_SEC_ASLR) {
+                (void) strlcat(str, "|PROC_SEC_ASLR", sizeof (pri->code_buf));
+                val &= ~PROC_SEC_ASLR;
+        }
+
+        if (val != 0)
+                (void) snprintf(str, sizeof (pri->code_buf), "%s|%x", str, val);
+
+        outstring(pri, str + 1);
+}
+
+/*
  * Print processor set id, including logical expansion of "special" ids.
  */
 void
 prt_pst(private_t *pri, int raw, long val)
 {

@@ -2868,7 +2919,9 @@
         prt_snf,        /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
         prt_skc,        /* SKC -- print sockconfig() subcode */
         prt_acf,        /* ACF -- print accept4 flags */
         prt_pfd,        /* PFD -- print pipe fds */
         prt_grf,        /* GRF -- print getrandom flags */
+        prt_psfcmd,     /* PSFCMD -- print psecflags(2) command */
+        prt_psflags,    /* PSFLG -- print psecflags(2) flags */
         prt_dec,        /* HID -- hidden argument, make this the last one */
 };