uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it.


  95 int     kill();
  96 int     labelsys(int, void *, void *, void *, void *, void *);
  97 int     link(char *, char *);
  98 int     linkat(int, char *, int, char *, int);
  99 off32_t lseek32(int32_t, off32_t, int32_t);
 100 off_t   lseek64(int, off_t, int);
 101 int     lgrpsys(int, long, void *);
 102 int     mmapobjsys(int, uint_t, mmapobj_result_t *, uint_t *, void *);
 103 int     mknod(char *, mode_t, dev_t);
 104 int     mknodat(int, char *, mode_t, dev_t);
 105 int     mount(long *, rval_t *);
 106 int     nice(int);
 107 int     nullsys();
 108 int     open(char *, int, int);
 109 int     openat(int, char *, int, int);
 110 int     pause();
 111 long    pcsample(void *, long);
 112 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114 ssize_t pread(int, void *, size_t, off_t);

 115 ssize_t pwrite(int, void *, size_t, off_t);
 116 ssize_t read(int, void *, size_t);
 117 int     rename(char *, char *);
 118 int     renameat(int, char *, int, char *);
 119 void    rexit(int);
 120 int     semsys();
 121 int     setgid(gid_t);
 122 int     setpgrp(int, int, int);
 123 int     setuid(uid_t);
 124 uintptr_t       shmsys();
 125 uint64_t        sidsys(int, int, int, int);
 126 int     sigprocmask(int, sigset_t *, sigset_t *);
 127 int     sigsuspend(sigset_t);
 128 int     sigaltstack(struct sigaltstack *, struct sigaltstack *);
 129 int     sigaction(int, struct sigaction *, struct sigaction *);
 130 int     sigpending(int, sigset_t *);
 131 int     sigresend(int, siginfo_t *, sigset_t *);
 132 int     sigtimedwait(sigset_t *, siginfo_t *, timespec_t *);
 133 int     getsetcontext(int, void *);
 134 int     stat(char *, struct stat *);


 422         { 0, SE_LOADABLE, (int (*)())nosys, NULL, loadable_syscall }
 423 
 424 /*
 425  * Initialization macro for loadable 32-bit compatibility system calls.
 426  */
 427 #define SYSENT_LOADABLE32()     SYSENT_LOADABLE()
 428 
 429 #define SYSENT_NOSYS()          SYSENT_C("nosys", nosys, 0)
 430 
 431 struct sysent nosys_ent = SYSENT_NOSYS();
 432 
 433 /*
 434  * Native sysent table.
 435  */
 436 struct sysent sysent[NSYSCALL] =
 437 {
 438         /*  0 */ IF_LP64(
 439                         SYSENT_NOSYS(),
 440                         SYSENT_C("indir",       indir,          1)),
 441         /*  1 */ SYSENT_CI("exit",              rexit,          1),
 442         /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
 443         /*  3 */ SYSENT_CL("read",              read,           3),
 444         /*  4 */ SYSENT_CL("write",             write,          3),
 445         /*  5 */ SYSENT_CI("open",              open,           3),
 446         /*  6 */ SYSENT_CI("close",             close,          1),
 447         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 448         /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 449         /*  9 */ SYSENT_CI("link",              link,           2),
 450         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 451         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 452         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 453         /* 13 */ SYSENT_CL("time",              gtime,          0),
 454         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 455         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 456         /* 16 */ SYSENT_CI("chown",             chown,          3),
 457         /* 17 */ SYSENT_CI("brk",               brk,            1),
 458         /* 18 */ SYSENT_CI("stat",              stat,           2),
 459         /* 19 */ IF_LP64(
 460                         SYSENT_CL("lseek",      lseek64,        3),
 461                         SYSENT_CL("lseek",      lseek32,        3)),
 462         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),


 803 extern int waitsys32(idtype_t, id_t, siginfo_t *, int);
 804 
 805 extern ssize_t recv32(int32_t, caddr32_t, size32_t, int32_t);
 806 extern ssize_t recvfrom32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 807     caddr32_t);
 808 extern ssize_t send32(int32_t, caddr32_t, size32_t, int32_t);
 809 extern ssize_t sendto32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 810     socklen_t);
 811 
 812 extern int privsys32(int, priv_op_t, priv_ptype_t, caddr32_t, size32_t, int);
 813 extern int ucredsys32(int, int, caddr32_t);
 814 
 815 /*
 816  * sysent table for ILP32 processes running on
 817  * a LP64 kernel.
 818  */
 819 struct sysent sysent32[NSYSCALL] =
 820 {
 821         /*  0 */ SYSENT_C("indir",              indir,          1),
 822         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 823         /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
 824         /*  3 */ SYSENT_CI("read",              read32,         3),
 825         /*  4 */ SYSENT_CI("write",             write32,        3),
 826         /*  5 */ SYSENT_CI("open",              open32,         3),
 827         /*  6 */ SYSENT_CI("close",             close,          1),
 828         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 829         /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 830         /*  9 */ SYSENT_CI("link",              link,           2),
 831         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 832         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 833         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 834         /* 13 */ SYSENT_CI("time",              gtime,          0),
 835         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 836         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 837         /* 16 */ SYSENT_CI("chown",             chown,          3),
 838         /* 17 */ SYSENT_CI("brk",               brk,            1),
 839         /* 18 */ SYSENT_CI("stat",              stat32,         2),
 840         /* 19 */ SYSENT_CI("lseek",             lseek32,        3),
 841         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),
 842         /* 21 */ SYSENT_AP("mount",             mount,          8),
 843         /* 22 */ SYSENT_CI("readlinkat",        readlinkat32,   4),




  95 int     kill();
  96 int     labelsys(int, void *, void *, void *, void *, void *);
  97 int     link(char *, char *);
  98 int     linkat(int, char *, int, char *, int);
  99 off32_t lseek32(int32_t, off32_t, int32_t);
 100 off_t   lseek64(int, off_t, int);
 101 int     lgrpsys(int, long, void *);
 102 int     mmapobjsys(int, uint_t, mmapobj_result_t *, uint_t *, void *);
 103 int     mknod(char *, mode_t, dev_t);
 104 int     mknodat(int, char *, mode_t, dev_t);
 105 int     mount(long *, rval_t *);
 106 int     nice(int);
 107 int     nullsys();
 108 int     open(char *, int, int);
 109 int     openat(int, char *, int, int);
 110 int     pause();
 111 long    pcsample(void *, long);
 112 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114 ssize_t pread(int, void *, size_t, off_t);
 115 int     psecflags();
 116 ssize_t pwrite(int, void *, size_t, off_t);
 117 ssize_t read(int, void *, size_t);
 118 int     rename(char *, char *);
 119 int     renameat(int, char *, int, char *);
 120 void    rexit(int);
 121 int     semsys();
 122 int     setgid(gid_t);
 123 int     setpgrp(int, int, int);
 124 int     setuid(uid_t);
 125 uintptr_t       shmsys();
 126 uint64_t        sidsys(int, int, int, int);
 127 int     sigprocmask(int, sigset_t *, sigset_t *);
 128 int     sigsuspend(sigset_t);
 129 int     sigaltstack(struct sigaltstack *, struct sigaltstack *);
 130 int     sigaction(int, struct sigaction *, struct sigaction *);
 131 int     sigpending(int, sigset_t *);
 132 int     sigresend(int, siginfo_t *, sigset_t *);
 133 int     sigtimedwait(sigset_t *, siginfo_t *, timespec_t *);
 134 int     getsetcontext(int, void *);
 135 int     stat(char *, struct stat *);


 423         { 0, SE_LOADABLE, (int (*)())nosys, NULL, loadable_syscall }
 424 
 425 /*
 426  * Initialization macro for loadable 32-bit compatibility system calls.
 427  */
 428 #define SYSENT_LOADABLE32()     SYSENT_LOADABLE()
 429 
 430 #define SYSENT_NOSYS()          SYSENT_C("nosys", nosys, 0)
 431 
 432 struct sysent nosys_ent = SYSENT_NOSYS();
 433 
 434 /*
 435  * Native sysent table.
 436  */
 437 struct sysent sysent[NSYSCALL] =
 438 {
 439         /*  0 */ IF_LP64(
 440                         SYSENT_NOSYS(),
 441                         SYSENT_C("indir",       indir,          1)),
 442         /*  1 */ SYSENT_CI("exit",              rexit,          1),
 443         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 444         /*  3 */ SYSENT_CL("read",              read,           3),
 445         /*  4 */ SYSENT_CL("write",             write,          3),
 446         /*  5 */ SYSENT_CI("open",              open,           3),
 447         /*  6 */ SYSENT_CI("close",             close,          1),
 448         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 449         /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 450         /*  9 */ SYSENT_CI("link",              link,           2),
 451         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 452         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 453         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 454         /* 13 */ SYSENT_CL("time",              gtime,          0),
 455         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 456         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 457         /* 16 */ SYSENT_CI("chown",             chown,          3),
 458         /* 17 */ SYSENT_CI("brk",               brk,            1),
 459         /* 18 */ SYSENT_CI("stat",              stat,           2),
 460         /* 19 */ IF_LP64(
 461                         SYSENT_CL("lseek",      lseek64,        3),
 462                         SYSENT_CL("lseek",      lseek32,        3)),
 463         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),


 804 extern int waitsys32(idtype_t, id_t, siginfo_t *, int);
 805 
 806 extern ssize_t recv32(int32_t, caddr32_t, size32_t, int32_t);
 807 extern ssize_t recvfrom32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 808     caddr32_t);
 809 extern ssize_t send32(int32_t, caddr32_t, size32_t, int32_t);
 810 extern ssize_t sendto32(int32_t, caddr32_t, size32_t, int32_t, caddr32_t,
 811     socklen_t);
 812 
 813 extern int privsys32(int, priv_op_t, priv_ptype_t, caddr32_t, size32_t, int);
 814 extern int ucredsys32(int, int, caddr32_t);
 815 
 816 /*
 817  * sysent table for ILP32 processes running on
 818  * a LP64 kernel.
 819  */
 820 struct sysent sysent32[NSYSCALL] =
 821 {
 822         /*  0 */ SYSENT_C("indir",              indir,          1),
 823         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 824         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 825         /*  3 */ SYSENT_CI("read",              read32,         3),
 826         /*  4 */ SYSENT_CI("write",             write32,        3),
 827         /*  5 */ SYSENT_CI("open",              open32,         3),
 828         /*  6 */ SYSENT_CI("close",             close,          1),
 829         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 830         /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 831         /*  9 */ SYSENT_CI("link",              link,           2),
 832         /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 833         /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 834         /* 12 */ SYSENT_CI("chdir",             chdir,          1),
 835         /* 13 */ SYSENT_CI("time",              gtime,          0),
 836         /* 14 */ SYSENT_CI("mknod",             mknod,          3),
 837         /* 15 */ SYSENT_CI("chmod",             chmod,          2),
 838         /* 16 */ SYSENT_CI("chown",             chown,          3),
 839         /* 17 */ SYSENT_CI("brk",               brk,            1),
 840         /* 18 */ SYSENT_CI("stat",              stat32,         2),
 841         /* 19 */ SYSENT_CI("lseek",             lseek32,        3),
 842         /* 20 */ SYSENT_2CI("getpid",           getpid,         0),
 843         /* 21 */ SYSENT_AP("mount",             mount,          8),
 844         /* 22 */ SYSENT_CI("readlinkat",        readlinkat32,   4),
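Review bot: Slot 2 of `sysent32` dispatches ILP32 callers to the same `psecflags` handler as the native table, and the declaration `int psecflags();` has an empty parameter list, so nothing on this page shows how the three arguments are typed or whether one of them is a user pointer to data whose layout differs between data models. If one is, the handler has to convert according to the caller's data model, or the 32-bit table needs its own wrapper in the way `privsys`/`privsys32` are split in the declarations above; the handler body is outside this page, so this needs confirming there. I would replace the empty-parameter declaration with the full prototype that matches the handler definition, and since this call changes per-process security flags, confirm that the privilege check and argument validation are done in the kernel handler rather than relied on from the psecflags(1) tool. Slot 2 was `forkall` before, so both table entries could keep the history note the neighbouring retired slots carry, e.g. `/*  2 */ SYSENT_CI("psecflags", psecflags, 3), /* (was forkall) */`.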