il_7029-2 Sdiff usr/src/cmd/praudit/token.c

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

2329  *      privilege token id      adr_char
2330  *      privilege type          adr_string
2331  *      privilege               adr_string
2332  * -----------------------------------------------------------------------
2333  */
2334 int
2335 privilege_token(pr_context_t *context)
2336 {
2337         int     returnstat;
2338 
2339         /* privilege type: */
2340         returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
2341 
2342         /* Done with attributes; force end of token open */
2343         if (returnstat == 0)
2344                 returnstat = finish_open_tag(context);
2345 
2346         /* privilege: */
2347         return (pa_adr_string(context, returnstat, 1));
2348 }

2329  *      privilege token id      adr_char
2330  *      privilege type          adr_string
2331  *      privilege               adr_string
2332  * -----------------------------------------------------------------------
2333  */
2334 int
2335 privilege_token(pr_context_t *context)
2336 {
2337         int     returnstat;
2338 
2339         /* privilege type: */
2340         returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
2341 
2342         /* Done with attributes; force end of token open */
2343         if (returnstat == 0)
2344                 returnstat = finish_open_tag(context);
2345 
2346         /* privilege: */
2347         return (pa_adr_string(context, returnstat, 1));
2348 }
2349 
2350 /*
2351  * -----------------------------------------------------------------------
2352  * secflags_token()     : Process privilege token and display contents
2353  * return codes         : -1 - error
2354  *                      :  0 - successful
2355  * NOTE: At the time of call, the secflags token id has been retrieved
2356  *
2357  * Format of secflags token:
2358  *      secflags token id       adr_char
2359  *      secflag set name        adr_string
2360  *      secflags                adr_string
2361  * -----------------------------------------------------------------------
2362  */
2363 int
2364 secflags_token(pr_context_t *context)
2365 {
2366         int     returnstat;
2367 
2368         /* Set name */
2369         returnstat = process_tag(context, TAG_SETTYPE, 0, 0);
2370 
2371         /* Done with attributes; force end of token open */
2372         if (returnstat == 0)
2373                 returnstat = finish_open_tag(context);
2374 
2375         /* set */
2376         return (pa_adr_string(context, returnstat, 1));
2377 }