Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/proc.c
          +++ new/usr/src/uts/common/os/proc.c
↓ open down ↓ 151 lines elided ↑ open up ↑
 152  152  
 153  153          kpreempt_disable();
 154  154          while ((pctx = p->p_pctx) != NULL) {
 155  155                  p->p_pctx = pctx->next;
 156  156                  if (pctx->free_op != NULL)
 157  157                          (pctx->free_op)(pctx->arg, isexec);
 158  158                  kmem_free(pctx, sizeof (struct pctxop));
 159  159          }
 160  160          kpreempt_enable();
 161  161  }
      162 +
      163 +boolean_t
      164 +secflag_enabled(proc_t *p, uint_t flag)
      165 +{
      166 +        return ((p->p_secflags.psf_effective & flag) != 0);
      167 +}
      168 +
      169 +void
      170 +secflag_set(proc_t *p, uint_t flag)
      171 +{
      172 +        p->p_secflags.psf_inherit = flag;
      173 +}
      174 +
      175 +void
      176 +secflag_enable(proc_t *p, uint_t flag) {
      177 +        p->p_secflags.psf_inherit |= flag;
      178 +}
      179 +
      180 +void
      181 +secflag_disable(proc_t *p, uint_t flag) {
      182 +        p->p_secflags.psf_inherit &= ~flag;
      183 +}
      184 +
      185 +void
      186 +secflag_promote(proc_t *p) {
      187 +        p->p_secflags.psf_effective = p->p_secflags.psf_inherit;
      188 +}
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX