uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

          --- old/usr/src/uts/common/os/priv_defs
          +++ new/usr/src/uts/common/os/priv_defs
↓ open down ↓ 306 lines elided ↑ open up ↑
 307  307  privilege PRIV_PROC_PRIOUP
 308  308  
 309  309          Allows a process to elevate its priority above its current level.
 310  310  
 311  311  privilege PRIV_PROC_PRIOCNTL
 312  312  
 313  313          Allows all that PRIV_PROC_PRIOUP allows.
 314  314          Allows a process to change its scheduling class to any scheduling class,
 315  315          including the RT class.
 316  316  
      317 +privilege PRIV_PROC_SECFLAGS
      318 +
      319 +        Allows a process to manipulate the secflags of processes (subject to,
      320 +        additionally, the ability to signal that process)
      321 +
 317  322  basic privilege PRIV_PROC_SESSION
 318  323  
 319  324          Allows a process to send signals or trace processes outside its
 320  325          session.
 321  326  
 322  327  unsafe privilege PRIV_PROC_SETID
 323  328  
 324  329          Allows a process to set its uids at will.
 325  330          Assuming uid 0 requires all privileges to be asserted.
 326  331  
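Review bot: The description at new lines 319-320 leaves the scope of PRIV_PROC_SECFLAGS ambiguous: it speaks of "processes" and then of "that process", and it does not say whether a process needs the privilege to change its own secflags or only those of other processes. Because the entry is declared as a plain "privilege" rather than a "basic privilege" like PRIV_PROC_SESSION just below it, stating this explicitly would help anyone assembling a least-privilege set. The sentence also lacks the terminating period that every neighbouring description has, and the parenthetical would read more clearly as something like "subject also to being permitted to signal the target process".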
↓ open down ↓ 293 lines elided ↑ open up ↑