Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/c2/audit_event.c
          +++ new/usr/src/uts/common/c2/audit_event.c
↓ open down ↓ 128 lines elided ↑ open up ↑
 129  129  static void     aus_setgid(struct t_audit_data *);
 130  130  static void     aus_setpgrp(struct t_audit_data *);
 131  131  static void     aus_setuid(struct t_audit_data *);
 132  132  static void     aus_shmsys(struct t_audit_data *);
 133  133  static void     aus_doorfs(struct t_audit_data *);
 134  134  static void     aus_ioctl(struct t_audit_data *);
 135  135  static void     aus_memcntl(struct t_audit_data *);
 136  136  static void     aus_mmap(struct t_audit_data *);
 137  137  static void     aus_munmap(struct t_audit_data *);
 138  138  static void     aus_priocntlsys(struct t_audit_data *);
      139 +static void     aus_psecflags(struct t_audit_data *);
 139  140  static void     aus_setegid(struct t_audit_data *);
 140  141  static void     aus_setgroups(struct t_audit_data *);
 141  142  static void     aus_seteuid(struct t_audit_data *);
 142  143  static void     aus_putmsg(struct t_audit_data *);
 143  144  static void     aus_putpmsg(struct t_audit_data *);
 144  145  static void     aus_getmsg(struct t_audit_data *);
 145  146  static void     aus_getpmsg(struct t_audit_data *);
 146  147  static void     aus_auditsys(struct t_audit_data *);
 147  148  static void     aus_sysinfo(struct t_audit_data *);
 148  149  static void     aus_modctl(struct t_audit_data *);
↓ open down ↓ 48 lines elided ↑ open up ↑
 197  198   * PROCESSING   EVENT           PROCESSING      CALL
 198  199   * ----------   ----------      ----------      -----------
 199  200   *              FINISH          EVENT
 200  201   *              PROCESSING      CONTROL
 201  202   * ----------------------------------------------------------
 202  203   */
 203  204  aui_null,       AUE_NULL,       aus_null,       /* 0 unused (indirect) */
 204  205                  auf_null,       0,
 205  206  aui_null,       AUE_EXIT,       aus_exit,       /* 1 exit */
 206  207                  auf_null,       S2E_NPT,
 207      -aui_null,       AUE_NULL,       aus_null,       /* 2 (loadable) was forkall */
      208 +aui_null,       AUE_PSECFLAGS,  aus_psecflags,  /* 2 psecflags */
 208  209                  auf_null,       0,
 209  210  aui_null,       AUE_READ,       aus_null,       /* 3 read */
 210  211                  auf_read,       S2E_PUB,
 211  212  aui_null,       AUE_WRITE,      aus_null,       /* 4 write */
 212  213                  auf_write,      0,
 213  214  aui_open,       AUE_OPEN,       aus_open,       /* 5 open */
 214  215                  auf_null,       S2E_SP,
 215  216  aui_null,       AUE_CLOSE,      aus_close,      /* 6 close */
 216  217                  auf_null,       0,
 217  218  aui_null,       AUE_LINK,       aus_null,       /* 7 linkat */
↓ open down ↓ 518 lines elided ↑ open up ↑
 736  737  {
 737  738          uint32_t rval;
 738  739          struct a {
 739  740                  long rval;
 740  741          } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
 741  742  
 742  743          rval = (uint32_t)uap->rval;
 743  744          au_uwrite(au_to_arg32(1, "exit status", rval));
 744  745  }
 745  746  
      747 +/*ARGSUSED*/
      748 +static void
      749 +aus_psecflags(struct t_audit_data *tad)
      750 +{
      751 +        struct a {
      752 +                uintptr_t psp;  /* procset_t */
      753 +                uint_t cmd;     /* psecflags_cmd_t */
      754 +                uint_t arg;
      755 +        } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
      756 +
      757 +        au_uwrite(au_to_arg32(2, "cmd", (uint_t)uap->cmd));
      758 +        au_uwrite(au_to_arg32(3, "arg", (uint_t)uap->arg));
      759 +}
      760 +
 746  761  /* acct start function */
 747  762  /*ARGSUSED*/
 748  763  static void
 749  764  aus_acct(struct t_audit_data *tad)
 750  765  {
 751  766          klwp_t *clwp = ttolwp(curthread);
 752  767          uintptr_t fname;
 753  768  
 754  769          struct a {
 755  770                  long    fname;          /* char * */
↓ open down ↓ 5113 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX