uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

          --- old/usr/src/uts/common/os/cred.c
          +++ new/usr/src/uts/common/os/cred.c
↓ open down ↓ 207 lines elided ↑ open up ↑
 208  208  
 209  209          bzero(kcred, crsize);
 210  210          kcred->cr_ref = 1;
 211  211  
 212  212          /* kcred is never freed, so we don't need zone_cred_hold here */
 213  213          kcred->cr_zone = &zone0;
 214  214  
 215  215          priv_fillset(&CR_LPRIV(kcred));
 216  216          CR_IPRIV(kcred) = *priv_basic;
 217  217  
      218 +        priv_addset(&CR_IPRIV(kcred), PRIV_PROC_SECFLAGS);
      219 +
 218  220          /* Not a basic privilege, if chown is not restricted add it to I0 */
 219  221          if (!rstchown)
 220  222                  priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
 221  223  
 222  224          /* Basic privilege, if link is restricted remove it from I0 */
 223  225          if (rstlink)
 224  226                  priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
 225  227  
 226  228          CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
 227  229  
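Review bot: the priv_addset() of PRIV_PROC_SECFLAGS at new line 218 carries no comment, while the two adjustments right after it each state whether the privilege is basic and under which condition I0 changes. Add a comment in the same style saying whether PRIV_PROC_SECFLAGS is a basic privilege and why it is added to kcred's inheritable set unconditionally. Since CR_EPRIV(kcred) and CR_PPRIV(kcred) are assigned from CR_IPRIV(kcred) at new line 228, the privilege also lands in the effective and permitted sets, so the comment should say that this is intended.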
↓ open down ↓ 1251 lines elided ↑ open up ↑