uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.
@@ -134,10 +134,11 @@
static void aus_ioctl(struct t_audit_data *);
static void aus_memcntl(struct t_audit_data *);
static void aus_mmap(struct t_audit_data *);
static void aus_munmap(struct t_audit_data *);
static void aus_priocntlsys(struct t_audit_data *);
+static void aus_psecflags(struct t_audit_data *);
static void aus_setegid(struct t_audit_data *);
static void aus_setgroups(struct t_audit_data *);
static void aus_seteuid(struct t_audit_data *);
static void aus_putmsg(struct t_audit_data *);
static void aus_putpmsg(struct t_audit_data *);
@@ -202,11 +203,11 @@
*/
aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
auf_null, 0,
aui_null, AUE_EXIT, aus_exit, /* 1 exit */
auf_null, S2E_NPT,
-aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
+aui_null, AUE_PSECFLAGS, aus_psecflags, /* 2 psecflags */
auf_null, 0,
aui_null, AUE_READ, aus_null, /* 3 read */
auf_read, S2E_PUB,
aui_null, AUE_WRITE, aus_null, /* 4 write */
auf_write, 0,
@@ -741,10 +742,24 @@
rval = (uint32_t)uap->rval;
au_uwrite(au_to_arg32(1, "exit status", rval));
}
+/*ARGSUSED*/
+static void
+aus_psecflags(struct t_audit_data *tad)
+{
+ struct a {
+ uintptr_t psp; /* procset_t */
+ uint_t cmd; /* psecflags_cmd_t */
+ uint_t arg;
+ } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
+
+ au_uwrite(au_to_arg32(2, "cmd", (uint_t)uap->cmd));
+ au_uwrite(au_to_arg32(3, "arg", (uint_t)uap->arg));
+}
+
/* acct start function */
/*ARGSUSED*/
static void
aus_acct(struct t_audit_data *tad)
{
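Review bot: The audit record written by the new aus_psecflags omits the target of the call: `psp` is declared in `struct a` but never read, so the record shows the command and argument but not which process set had its security flags changed. For a call that alters exploit-mitigation settings, the record should also identify the target, for example by copying in the procset and emitting its id type and id alongside `cmd` and `arg`. Separately, `cmd` and `arg` are declared `uint_t` after a `uintptr_t`; if `lwp_ap` holds one long-sized slot per argument (the exit handler just above casts `uap->rval` down to `uint32_t`, which suggests it does), both fields would overlay the second slot on a 64-bit kernel and `arg` would never be read from the third. Declaring them as `long cmd;` and `long arg;` and narrowing at the call, as in `au_to_arg32(2, "cmd", (uint32_t)uap->cmd)`, would avoid that; the existing `(uint_t)` casts are no-ops on fields that are already `uint_t`.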