Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/brand/sn1/zone/config.xml
          +++ new/usr/src/lib/brand/sn1/zone/config.xml
↓ open down ↓ 67 lines elided ↑ open up ↑
  68   68          <privilege set="default" name="net_icmpaccess" />
  69   69          <privilege set="default" name="net_mac_aware" />
  70   70          <privilege set="default" name="net_observability" />
  71   71          <privilege set="default" name="net_privaddr" />
  72   72          <privilege set="default" name="net_rawaccess" ip-type="exclusive" />
  73   73          <privilege set="default" name="proc_chroot" />
  74   74          <privilege set="default" name="sys_audit" />
  75   75          <privilege set="default" name="proc_audit" />
  76   76          <privilege set="default" name="proc_lock_memory" />
  77   77          <privilege set="default" name="proc_owner" />
       78 +        <privilege set="default" name="proc_secflags" />
  78   79          <privilege set="default" name="proc_setid" />
  79   80          <privilege set="default" name="proc_taskid" />
  80   81          <privilege set="default" name="sys_acct" />
  81   82          <privilege set="default" name="sys_admin" />
  82   83          <privilege set="default" name="sys_ip_config" ip-type="exclusive" />
  83   84          <privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
  84   85          <privilege set="default" name="sys_mount" />
  85   86          <privilege set="default" name="sys_nfs" />
  86   87          <privilege set="default" name="sys_resource" />
  87   88          <privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
↓ open down ↓ 19 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX