uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

          --- old/usr/src/uts/common/sys/auxv.h
          +++ new/usr/src/uts/common/sys/auxv.h

   1    1  /*
   2    2   * CDDL HEADER START
   3    3   *
   4    4   * The contents of this file are subject to the terms of the
   5    5   * Common Development and Distribution License (the "License").
   6    6   * You may not use this file except in compliance with the License.
   7    7   *
   8    8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9    9   * or http://www.opensolaris.org/os/licensing.
  10   10   * See the License for the specific language governing permissions
  11   11   * and limitations under the License.
  12   12   *
  13   13   * When distributing Covered Code, include this CDDL HEADER in each
  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
  22   22  /*        All Rights Reserved   */
  23   23  
  24   24  
  25   25  /*
  26   26   * Copyright 2014 Garrett D'Amore <garrett@damore.org>
  27   27   *
  28   28   * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  29   29   * Use is subject to license terms.
  30   30   */
  31   31  /*
  32   32   * Copyright (c) 2012, Joyent, Inc.  All rights reserved.
  33   33   */
  34   34  
  35   35  #ifndef _SYS_AUXV_H
  36   36  #define _SYS_AUXV_H
  37   37  
  38   38  #include <sys/types.h>
  39   39  
  40   40  #ifdef  __cplusplus
  41   41  extern "C" {
  42   42  #endif
  43   43  
  44   44  #if !defined(_ASM)
  45   45  typedef struct
  46   46  {
  47   47          int     a_type;
  48   48          union {
  49   49                  long    a_val;
  50   50                  void    *a_ptr;
  51   51                  void    (*a_fcn)();
  52   52          } a_un;
  53   53  } auxv_t;
  54   54  
  55   55  #if defined(_SYSCALL32)
  56   56  
  57   57  typedef struct {
  58   58          int32_t a_type;
  59   59          union   {
  60   60                  int32_t a_val;
  61   61                  caddr32_t a_ptr;
  62   62                  caddr32_t a_fcn;
  63   63          } a_un;
  64   64  } auxv32_t;
  65   65  
  66   66  #endif  /* _SYSCALL32 */
  67   67  
  68   68  #endif /* _ASM */
  69   69  
  70   70  #define AT_NULL         0
  71   71  #define AT_IGNORE       1
  72   72  #define AT_EXECFD       2
  73   73  #define AT_PHDR         3       /* &phdr[0] */
  74   74  #define AT_PHENT        4       /* sizeof(phdr[0]) */
  75   75  #define AT_PHNUM        5       /* # phdr entries */
  76   76  #define AT_PAGESZ       6       /* getpagesize(2) */
  77   77  #define AT_BASE         7       /* ld.so base addr */
  78   78  #define AT_FLAGS        8       /* processor flags */
  79   79  #define AT_ENTRY        9       /* a.out entry point */
  80   80  
  81   81  /*
  82   82   * These relate to the original PPC ABI document; Linux reused
  83   83   * the values for other things (see below), so disambiguation of
  84   84   * these values may require additional context in PPC binaries.
  85   85   *
  86   86   * AT_DCACHEBSIZE       10      smallest data cache block size
  87   87   * AT_ICACHEBSIZE       11      smallest instruction cache block size
  88   88   * AT_UCACHEBSIZE       12      smallest unified cache block size
  89   89   *
  90   90   * These are the values from LSB 1.3, the first five are also described
  91   91   * in the draft amd64 ABI.
  92   92   *
  93   93   * At the time of writing, Solaris doesn't place any of these values into
  94   94   * the aux vector, except AT_CLKTCK which is placed on the aux vector for
  95   95   * lx branded processes; also, we do similar things via AT_SUN_ values.
  96   96   *
  97   97   * AT_NOTELF            10      program is not ELF?
  98   98   * AT_UID               11      real user id
  99   99   * AT_EUID              12      effective user id
 100  100   * AT_GID               13      real group id
 101  101   * AT_EGID              14      effective group id
 102  102   *
 103  103   * AT_PLATFORM          15
 104  104   * AT_HWCAP             16
 105  105   * AT_CLKTCK            17      c.f. _SC_CLK_TCK
 106  106   * AT_FPUCW             18
 107  107   *
 108  108   * AT_DCACHEBSIZE       19      (moved from 10)
 109  109   * AT_ICACHEBSIZE       20      (moved from 11)
 110  110   * AT_UCACHEBSIZE       21      (moved from 12)
 111  111   *
 112  112   * AT_IGNOREPPC         22
 113  113   */
 114  114  
 115  115  /*
 116  116   * Sun extensions begin here
 117  117   */
 118  118  #define AT_SUN_UID      2000    /* effective user id */
 119  119  #define AT_SUN_RUID     2001    /* real user id */
 120  120  #define AT_SUN_GID      2002    /* effective group id */
 121  121  #define AT_SUN_RGID     2003    /* real group id */
 122  122  
 123  123  /*
 124  124   * The following attributes are specific to the
 125  125   * kernel implementation of the linker/loader.
 126  126   */
 127  127  #define AT_SUN_LDELF    2004    /* dynamic linker's ELF header */
 128  128  #define AT_SUN_LDSHDR   2005    /* dynamic linker's section headers */
 129  129  #define AT_SUN_LDNAME   2006    /* name of dynamic linker */
 130  130  #define AT_SUN_LPAGESZ  2007    /* large pagesize */
 131  131  /*
 132  132   * The following aux vector provides a null-terminated platform
 133  133   * identification string. This information is the same as provided
 134  134   * by sysinfo(2) when invoked with the command SI_PLATFORM.
 135  135   */
 136  136  #define AT_SUN_PLATFORM 2008    /* platform name */
 137  137  
 138  138  /*
 139  139   * These attributes communicate performance -hints- about processor
 140  140   * hardware capabilities that might be useful to library implementations.
 141  141   */
 142  142  #define AT_SUN_HWCAP    2009
 143  143  #define AT_SUN_HWCAP2   2023
 144  144  
 145  145  #if defined(_KERNEL)
 146  146  /*
 147  147   * User info regarding machine attributes, respectively reported to native and
 148  148   * non-native user apps.
 149  149   */
 150  150  extern uint_t auxv_hwcap;
 151  151  extern uint_t auxv_hwcap_2;
 152  152  #if defined(_SYSCALL32)
 153  153  extern uint_t auxv_hwcap32;
 154  154  extern uint_t auxv_hwcap32_2;
 155  155  #endif /* _SYSCALL32 */
 156  156  #else
 157  157  extern uint_t getisax(uint32_t *, uint_t);
 158  158  #endif  /* _KERNEL */
 159  159  
 160  160  #define AT_SUN_IFLUSH   2010    /* flush icache? */
 161  161  #define AT_SUN_CPU      2011    /* cpu name */
 162  162  
 163  163  /*
 164  164   * The following aux vector provides a pointer to a null-terminated
 165  165   * path name, a copy of the path name passed to the exec() system
 166  166   * call but that has had all symlinks resolved (see resolvepath(2)).
 167  167   */
 168  168  #define AT_SUN_EXECNAME 2014    /* exec() path name */
 169  169  
 170  170  #define AT_SUN_MMU      2015    /* mmu module name */
 171  171  #define AT_SUN_LDDATA   2016    /* dynamic linkers data segment */
 172  172  
 173  173  #define AT_SUN_AUXFLAGS 2017    /* AF_SUN_ flags passed from the kernel */
 174  174  
 175  175  /*
 176  176   * Used to indicate to the runtime linker the name of the emulation binary,
 177  177   * if one is being used. For brands, this is the name of the brand library.
 178  178   */
 179  179  #define AT_SUN_EMULATOR         2018
 180  180  
 181  181  #define AT_SUN_BRANDNAME        2019
 182  182  
 183  183  /*

 184  184   * Aux vectors available for brand modules.
 185  185   */
 186  186  #define AT_SUN_BRAND_AUX1       2020
 187  187  #define AT_SUN_BRAND_AUX2       2021
 188  188  #define AT_SUN_BRAND_AUX3       2022
 189  189  
 190  190  /*
 191  191   * Note that 2023 is reserved for the AT_SUN_HWCAP2 word defined above.
 192  192   */
 193  193  
      194 +#define AT_SUN_SECFLAGS         2024
      195 +
 194  196  /*
 195  197   * The kernel is in a better position to determine whether a process needs to
 196  198   * ignore dangerous LD environment variables.  If set, this flags tells
 197  199   * ld.so.1 to run "secure" and ignore the the environment.
 198  200   */
 199  201  #define AF_SUN_SETUGID          0x00000001
 200  202  
 201  203  /*
 202  204   * If set, this flag indicates that hardware capabilites can be verified
 203  205   * against the AT_SUN_HWCAP value.

 204  206   */
 205  207  #define AF_SUN_HWCAPVERIFY      0x00000002
 206  208  
 207  209  /*
 208  210   * If set, this flag indicates that the the linker should not initialize
 209  211   * any of its link maps as primary link wrt the unified libc threading
 210  212   * interfaces.
 211  213   */
 212  214  #define AF_SUN_NOPLM            0x00000004
 213  215  
 214  216  #ifdef  __cplusplus
 215  217  }
 216  218  #endif
 217  219  
 218  220  #if defined(_AUXV_TARGET_ALL) || defined(_AUXV_TARGET_SPARC) || defined(__sparc)
 219  221  #include <sys/auxv_SPARC.h>
 220  222  #endif
 221  223  
 222  224  #if defined(_AUXV_TARGET_ALL) || defined(_AUXV_TARGET_386) || defined(__x86)
 223  225  #include <sys/auxv_386.h>
 224  226  #endif
 225  227  
 226  228  #endif  /* _SYS_AUXV_H */

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX