uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool, psecflags(1), to control and observe it.

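--- a/usr/src/cmd/truss/systable.c
+++ b/usr/src/cmd/truss/systable.c
@@ -214,21 +214,21 @@
         if (err >= 0 && err < NERRCODE)
                 ename = errcode[err];
 
         return (ename);
 }
 
 
 const struct systable systable[] = {
 { NULL,         8, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX},
 {"_exit",       1, DEC, NOV, DEC},                              /*   1 */
-{ NULL,         8, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX},
+{"psecflags",   3, DEC, NOV, HEX, PSFCMD, PSFLG},               /*   2 */
 {"read",        3, DEC, NOV, DEC, IOB, UNS},                    /*   3 */
 {"write",       3, DEC, NOV, DEC, IOB, UNS},                    /*   4 */
 {"open",        3, DEC, NOV, STG, OPN, OCT},                    /*   5 */
 {"close",       1, DEC, NOV, DEC},                              /*   6 */
 {"linkat",      5, DEC, NOV, ATC, STG, ATC, STG, SNF},          /*   7 */
 { NULL,         8, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX, HEX},
 {"link",        2, DEC, NOV, STG, STG},                         /*   9 */
 {"unlink",      1, DEC, NOV, STG},                              /*  10 */
 {"symlinkat",   3, DEC, NOV, STG, ATC, STG},                    /*  11 */
 {"chdir",       1, DEC, NOV, STG},                              /*  12 */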
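Review bot: The new row at slot 2 uses two format codes, `PSFCMD` and `PSFLG`, that are not defined anywhere in this section, and its first argument is printed as raw `HEX`. The table is positional (each row's trailing comment is its index), so the row is only right if psecflags is assigned syscall number 2 and if both codes have print routines registered in the same order as their values; neither is visible here and both should be checked in the same change. Because truss is the tool an operator would use to watch a process change its randomisation flags, a mismatched printer would give a misleading audit trace rather than an obvious failure. I would add a comment above the row along the lines of `/* psecflags: arg 0 printed raw; PSFCMD/PSFLG need matching printers */`. The `systable[]` initialiser continues past the end of the visible hunk.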