Print this page
Code review comments from jeffpc
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man5/security-flags.5.man.txt
+++ new/usr/src/man/man5/security-flags.5.man.txt
1 1 SECURITY-FLAGS(5) Standards, Environments, and Macros SECURITY-FLAGS(5)
2 2
3 3
4 4
5 5 NAME
6 6 security-flags - process security flags
7 7
8 8 DESCRIPTION
9 9 Each process on an illumos system has an associated set of security-
10 10 flags which describe additional per-process security and exploit
11 11 mitigation features which are enabled for that process.
12 12
13 13 There are four sets of these flags for each process, the effective set
14 14 (abbreviated E) are the set which currently apply to the process and
15 15 are immutable. The inheritable set (abbreviated I) are the flags which
16 16 will become effective the next time the process calls one of the
17 17 exec(2) family of functions, and will be inherited as both the
18 18 effective and inheritable sets by any child processes. The upper set
19 19 (abbreviated U) specify the maximal flags that a process can have in
20 20 its inheritable set. The lower set (abbreviated L) specify the minimal
21 21 amount of flags that a process must have in its inheritable set. The
22 22 inheritable set may be changed at any time, subject to permissions and
23 23 the lower and upper sets.
24 24
25 25 To change the security-flags of a process one must have both
26 26 permissions equivalent to those required to send a signal to the
27 27 process and have the PRIV_PROC_SECFLAGS privilege.
28 28
29 29 Currently available features are:
30 30
31 31
32 32 Address Space Layout Randomisation (ASLR)
33 33 The base addresses of the stack, heap and shared library
34 34 (including ld.so) mappings are randomised, the bases of
35 35 mapped regions other than those using MAP_FIXED are
36 36 randomised.
37 37
38 38 Currently, executable base addresses are not randomised, due
39 39 to which the mitigation provided by this feature is
40 40 currently limited.
41 41
42 42 This flag may also be enabled by the presence of the
43 43 DT_SUNW_ASLR dynamic tag in the .dynamic section of the
44 44 executable file. If this tag has a value of 1, ASLR will be
45 45 enabled. If the flag has a value of 0 ASLR will be disabled.
46 46 If the tag is not present, the value of the ASLR flag will
47 47 be inherited as normal.
48 48
49 49
50 50 Forbid mappings at NULL (FORBIDNULLMAP)
51 51 Mappings with an address of 0 are forbidden, and return
52 52 EINVAL rather than being honored.
53 53
54 54
55 55 Make the userspace stack non-executable (NOEXECSTACK)
56 56 The stack will be mapped without executable permission, and
57 57 attempts to execute it will fault.
58 58
59 59 System default security-flags are configured via properties on the
60 60 svc:/system/process-security service, which contains a boolean property
61 61 per-flag in the default, lower and upper, property groups. For
62 62 example, to enable ASLR by default you would execute the following
63 63 commands:
64 64
65 65 # svccfg -s svc:/system/process-security setprop default/aslr = true
66 66
67 67
68 68 This can be done by any user with the solaris.smf.value.process-
69 69 security authorization.
70 70
|
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
71 71 Since security-flags are strictly inherited, this will not take effect
72 72 until the system or zone is next booted.
73 73
74 74
75 75 SEE ALSO
76 76 psecflags(1), svccfg(1M), brk(2), exec(2), mmap(2), mmapobj(2),
77 77 privileges(5), rbac(5)
78 78
79 79
80 80
81 - May 5, 2014 SECURITY-FLAGS(5)
81 + June 6, 2016 SECURITY-FLAGS(5)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX