Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/pkg/manifests/system-extended-system-utilities.mf
          +++ new/usr/src/pkg/manifests/system-extended-system-utilities.mf
↓ open down ↓ 54 lines elided ↑ open up ↑
  55   55  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pfiles mode=0555
  56   56  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pflags mode=0555
  57   57  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pldd mode=0555
  58   58  $(i386_ONLY)file path=usr/bin/$(ARCH32)/plgrp mode=0555
  59   59  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pmadvise mode=0555
  60   60  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pmap mode=0555
  61   61  $(i386_ONLY)file path=usr/bin/$(ARCH32)/ppgsz mode=0555
  62   62  $(i386_ONLY)file path=usr/bin/$(ARCH32)/ppriv mode=0555
  63   63  $(i386_ONLY)file path=usr/bin/$(ARCH32)/preap mode=0555
  64   64  $(i386_ONLY)file path=usr/bin/$(ARCH32)/prun mode=0555
       65 +$(i386_ONLY)file path=usr/bin/$(ARCH32)/psecflags mode=0555
  65   66  $(i386_ONLY)file path=usr/bin/$(ARCH32)/psig mode=0555
  66   67  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pstack mode=0555
  67   68  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pstop mode=0555
  68   69  $(i386_ONLY)file path=usr/bin/$(ARCH32)/ptime mode=0555
  69   70  $(i386_ONLY)file path=usr/bin/$(ARCH32)/ptree mode=0555
  70   71  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pwait mode=0555
  71   72  $(i386_ONLY)file path=usr/bin/$(ARCH32)/pwdx mode=0555
  72   73  $(i386_ONLY)file path=usr/bin/$(ARCH32)/sort mode=0555
  73   74  file path=usr/bin/$(ARCH64)/pargs mode=0555
  74   75  file path=usr/bin/$(ARCH64)/pcred mode=0555
  75   76  file path=usr/bin/$(ARCH64)/pfiles mode=0555
  76   77  file path=usr/bin/$(ARCH64)/pflags mode=0555
  77   78  file path=usr/bin/$(ARCH64)/pldd mode=0555
  78   79  file path=usr/bin/$(ARCH64)/plgrp mode=0555
  79   80  file path=usr/bin/$(ARCH64)/pmadvise mode=0555
  80   81  file path=usr/bin/$(ARCH64)/pmap mode=0555
  81   82  file path=usr/bin/$(ARCH64)/ppgsz mode=0555
  82   83  file path=usr/bin/$(ARCH64)/ppriv mode=0555
  83   84  file path=usr/bin/$(ARCH64)/preap mode=0555
  84   85  file path=usr/bin/$(ARCH64)/prun mode=0555
       86 +file path=usr/bin/$(ARCH64)/psecflags mode=0555
  85   87  file path=usr/bin/$(ARCH64)/psig mode=0555
  86   88  file path=usr/bin/$(ARCH64)/pstack mode=0555
  87   89  file path=usr/bin/$(ARCH64)/pstop mode=0555
  88   90  file path=usr/bin/$(ARCH64)/ptime mode=0555
  89   91  file path=usr/bin/$(ARCH64)/ptree mode=0555
  90   92  file path=usr/bin/$(ARCH64)/pwait mode=0555
  91   93  file path=usr/bin/$(ARCH64)/pwdx mode=0555
  92   94  file path=usr/bin/$(ARCH64)/sort mode=0555
  93   95  file path=usr/bin/asa mode=0555
  94   96  file path=usr/bin/awk mode=0555
↓ open down ↓ 93 lines elided ↑ open up ↑
 188  190  file path=usr/share/man/man1/news.1
 189  191  file path=usr/share/man/man1/nl.1
 190  192  file path=usr/share/man/man1/pack.1
 191  193  file path=usr/share/man/man1/pargs.1
 192  194  file path=usr/share/man/man1/plgrp.1
 193  195  file path=usr/share/man/man1/pmadvise.1
 194  196  file path=usr/share/man/man1/pmap.1
 195  197  file path=usr/share/man/man1/ppgsz.1
 196  198  file path=usr/share/man/man1/ppriv.1
 197  199  file path=usr/share/man/man1/preap.1
      200 +file path=usr/share/man/man1/psecflags.1
 198  201  file path=usr/share/man/man1/ptree.1
 199  202  file path=usr/share/man/man1/sdiff.1
 200  203  file path=usr/share/man/man1/sort.1
 201  204  file path=usr/share/man/man1/spell.1
 202  205  file path=usr/share/man/man1/split.1
 203  206  file path=usr/share/man/man1/tcopy.1
 204  207  file path=usr/share/man/man1/units.1
 205  208  file path=usr/share/man/man1/unix2dos.1
 206  209  file path=usr/share/man/man1/yes.1
 207  210  file path=usr/share/man/man1m/adbgen.1m
↓ open down ↓ 12 lines elided ↑ open up ↑
 220  223  hardlink path=usr/bin/pfiles target=../../usr/lib/isaexec
 221  224  hardlink path=usr/bin/pflags target=../../usr/lib/isaexec
 222  225  hardlink path=usr/bin/pldd target=../../usr/lib/isaexec
 223  226  hardlink path=usr/bin/plgrp target=../../usr/lib/isaexec
 224  227  hardlink path=usr/bin/pmadvise target=../../usr/lib/isaexec
 225  228  hardlink path=usr/bin/pmap target=../../usr/lib/isaexec
 226  229  hardlink path=usr/bin/ppgsz target=../../usr/lib/isaexec
 227  230  hardlink path=usr/bin/ppriv target=../../usr/lib/isaexec
 228  231  hardlink path=usr/bin/preap target=../../usr/lib/isaexec
 229  232  hardlink path=usr/bin/prun target=../../usr/lib/isaexec
      233 +hardlink path=usr/bin/psecflags target=../../usr/lib/isaexec
 230  234  hardlink path=usr/bin/psig target=../../usr/lib/isaexec
 231  235  hardlink path=usr/bin/pstack target=../../usr/lib/isaexec
 232  236  hardlink path=usr/bin/pstop target=../../usr/lib/isaexec
 233  237  hardlink path=usr/bin/ptime target=../../usr/lib/isaexec
 234  238  hardlink path=usr/bin/ptree target=../../usr/lib/isaexec
 235  239  hardlink path=usr/bin/pwait target=../../usr/lib/isaexec
 236  240  hardlink path=usr/bin/pwdx target=../../usr/lib/isaexec
 237  241  hardlink path=usr/bin/sort target=../../usr/lib/isaexec
 238  242  hardlink path=usr/bin/uncompress target=../../usr/bin/compress
 239  243  hardlink path=usr/bin/zcat target=../../usr/bin/compress
↓ open down ↓ 40 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX