1 .\" 2 .\" This file and its contents are supplied under the terms of the 3 .\" Common Development and Distribution License ("CDDL"), version 1.0. 4 .\" You may only use this file in accordance with the terms of version 5 .\" 1.0 of the CDDL. 6 .\" 7 .\" A full copy of the text of the CDDL should have accompanied this 8 .\" source. A copy of the CDDL is also available via the Internet at 9 .\" http://www.illumos.org/license/CDDL. 10 .\" 11 .\" Copyright 2015, Richard Lowe. 12 .\" 13 .TH "SECURITY-FLAGS" "5" "May 5, 2014" 14 .SH "NAME" 15 \fBsecurity-flags\fR - process security flags 16 .SH "DESCRIPTION" 17 Each process on an illumos system has an associated set of security-flags 18 which describe additional per-process security and exploit mitigation 19 features which are enabled for that process. 20 .P 21 There are four sets of these flags for each process, the effective set 22 (abbreviated \fIE\fR) are the set which currently apply to the process and are 23 immutable. The inheritable set (abbreviated \fII\fR) are the flags which will 24 become effective the next time the process calls one of the \fBexec(2)\fR 25 family of functions, and will be inherited as both the effective and 26 inheritable sets by any child processes. The upper set (abbreviated \fIU\fR) 27 specify the maximal flags that a process can have in its inheritable set. The 28 lower set (abbreviated \fIL\fR) specify the minimal amount of flags that a 29 process must have in its inheritable set. The inheritable set may be changed 30 at any time, subject to permissions and the lower and upper sets. 31 .P 32 To change the security-flags of a process one must have both permissions 33 equivalent to those required to send a signal to the process and have the 34 \fBPRIV_PROC_SECFLAGS\fR privilege. 35 .P 36 Currently available features are: 37 38 .sp 39 .ne 2 40 .na 41 Address Space Layout Randomisation (\fBASLR\fR) 42 .ad 43 .RS 11n 44 The base addresses of the stack, heap and shared library (including 45 \fBld.so\fR) mappings are randomised, the bases of mapped regions other than 46 those using \fBMAP_FIXED\fR are randomised. 47 .P 48 Currently, executable base addresses are \fInot\fR randomised, due to which 49 the mitigation provided by this feature is currently limited. 50 .P 51 This flag may also be enabled by the presence of the \fBDT_SUNW_ASLR\fR 52 dynamic tag in the \fB.dynamic\fR section of the executable file. If this 53 tag has a value of 1, ASLR will be enabled. If the flag has a value of 54 \fB0\fR ASLR will be disabled. If the tag is not present, the value of the 55 ASLR flag will be inherited as normal. 56 .RE 57 58 .sp 59 .ne 2 60 .na 61 Forbid mappings at NULL (\fBFORBIDNULLMAP\fR) 62 .ad 63 .RS 11n 64 Mappings with an address of 0 are forbidden, and return EINVAL rather than 65 being honored. 66 .RE 67 68 .sp 69 .ne 2 70 .na 71 Make the userspace stack non-executable (\fBNOEXECSTACK\fR) 72 .ad 73 .RS 11n 74 The stack will be mapped without executable permission, and attempts to 75 execute it will fault. 76 .RE 77 78 System default security-flags are configured via properties on the 79 \fBsvc:/system/process-security\fR service, which contains a boolean property 80 per-flag in the \fBdefault\fR, \fBlower\fR and \fBupper\fR, property groups. 81 For example, to enable ASLR by default you would execute the following 82 commands: 83 .sp 84 .in +2 85 .nf 86 # svccfg -s svc:/system/process-security setprop default/aslr = true 87 .fi 88 .in -2 89 .sp 90 .P 91 This can be done by any user with the \fBsolaris.smf.value.process-security\fR 92 authorization. 93 .P 94 Since security-flags are strictly inherited, this will not take effect until 95 the system or zone is next booted. 96 97 .SH "SEE ALSO" 98 .BR psecflags (1), 99 .BR svccfg (1M), 100 .BR brk (2), 101 .BR exec (2), 102 .BR mmap (2), 103 .BR mmapobj (2), 104 .BR privileges (5), 105 .BR rbac (5)