Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

*** 157,161 **** --- 157,188 ---- (pctx->free_op)(pctx->arg, isexec); kmem_free(pctx, sizeof (struct pctxop)); } kpreempt_enable(); } + + boolean_t + secflag_enabled(proc_t *p, uint_t flag) + { + return ((p->p_secflags.psf_effective & flag) != 0); + } + + void + secflag_set(proc_t *p, uint_t flag) + { + p->p_secflags.psf_inherit = flag; + } + + void + secflag_enable(proc_t *p, uint_t flag) { + p->p_secflags.psf_inherit |= flag; + } + + void + secflag_disable(proc_t *p, uint_t flag) { + p->p_secflags.psf_inherit &= ~flag; + } + + void + secflag_promote(proc_t *p) { + p->p_secflags.psf_effective = p->p_secflags.psf_inherit; + }