Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

@@ -110,10 +110,11 @@
 int     pause();
 long    pcsample(void *, long);
 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 ssize_t pread(int, void *, size_t, off_t);
+int     psecflags();
 ssize_t pwrite(int, void *, size_t, off_t);
 ssize_t read(int, void *, size_t);
 int     rename(char *, char *);
 int     renameat(int, char *, int, char *);
 void    rexit(int);

@@ -437,11 +438,11 @@
 {
         /*  0 */ IF_LP64(
                         SYSENT_NOSYS(),
                         SYSENT_C("indir",       indir,          1)),
         /*  1 */ SYSENT_CI("exit",              rexit,          1),
-        /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
+        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
         /*  3 */ SYSENT_CL("read",              read,           3),
         /*  4 */ SYSENT_CL("write",             write,          3),
         /*  5 */ SYSENT_CI("open",              open,           3),
         /*  6 */ SYSENT_CI("close",             close,          1),
         /*  7 */ SYSENT_CI("linkat",            linkat,         5),

@@ -818,11 +819,11 @@
  */
 struct sysent sysent32[NSYSCALL] =
 {
         /*  0 */ SYSENT_C("indir",              indir,          1),
         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
-        /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
+        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
         /*  3 */ SYSENT_CI("read",              read32,         3),
         /*  4 */ SYSENT_CI("write",             write32,        3),
         /*  5 */ SYSENT_CI("open",              open32,         3),
         /*  6 */ SYSENT_CI("close",             close,          1),
         /*  7 */ SYSENT_CI("linkat",            linkat,         5),