Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/fork.c
          +++ new/usr/src/uts/common/os/fork.c
↓ open down ↓ 1079 lines elided ↑ open up ↑
1080 1080          cp->p_brkpageszc = pp->p_brkpageszc;
1081 1081          cp->p_stksize = pp->p_stksize;
1082 1082          cp->p_stkpageszc = pp->p_stkpageszc;
1083 1083          cp->p_stkprot = pp->p_stkprot;
1084 1084          cp->p_datprot = pp->p_datprot;
1085 1085          cp->p_usrstack = pp->p_usrstack;
1086 1086          cp->p_model = pp->p_model;
1087 1087          cp->p_ppid = pp->p_pid;
1088 1088          cp->p_ancpid = pp->p_pid;
1089 1089          cp->p_portcnt = pp->p_portcnt;
     1090 +        /*
     1091 +         * Security flags are preserved on fork, the inherited copy come into
     1092 +         * effect on exec
     1093 +         */
     1094 +        bcopy(&pp->p_secflags, &cp->p_secflags, sizeof (psecflags_t));
1090 1095  
1091 1096          /*
1092 1097           * Initialize watchpoint structures
1093 1098           */
1094 1099          avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),
1095 1100              offsetof(struct watched_area, wa_link));
1096 1101  
1097 1102          /*
1098 1103           * Initialize immediate resource control values.
1099 1104           */
↓ open down ↓ 363 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX