Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 32,41 ****
--- 32,42 ----
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/corectl.h>
+ #include <procfs.h>
#include <msg.h>
#include <_elfdump.h>
#include <struct_layout.h>
#include <conv.h>
*** 164,174 ****
static Word
extract_as_word(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_word(state->ns_data, state->ns_swap, fdesc));
}
! static Word
extract_as_lword(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_lword(state->ns_data, state->ns_swap, fdesc));
}
static int
--- 165,175 ----
static Word
extract_as_word(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_word(state->ns_data, state->ns_swap, fdesc));
}
! static Lword
extract_as_lword(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_lword(state->ns_data, state->ns_swap, fdesc));
}
static int
*** 434,443 ****
--- 435,445 ----
union {
Conv_cap_val_hw1_buf_t hw1;
Conv_cap_val_hw2_buf_t hw2;
Conv_cnote_auxv_af_buf_t auxv_af;
Conv_ehdr_flags_buf_t ehdr_flags;
+ Conv_secflags_buf_t secflags;
Conv_inv_buf_t inv;
} conv_buf;
sl_fmtbuf_t buf;
int ndx, ndx_start;
Word sizeof_auxv;
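Review bot: The `secflags` member added to the `conv_buf` union has no visible user in any hunk on this page; `dump_secflags` formats through its own local `Conv_secflags_buf_t inv` instead of this union. If nothing in the enclosing function passes `&conv_buf.secflags` to `conv_prsecflags`, the member only enlarges the union and can be dropped. The enclosing function starts and ends outside this hunk, so a use elsewhere in its body cannot be ruled out from here.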
*** 825,834 ****
--- 827,876 ----
MSG_ORIG(MSG_CNOTE_T_TV_NSEC), tv_nsec);
indent_exit(state);
}
+ /*
+ * Output information from prsecflags_t structure.
+ */
+ static void
+ dump_secflags(note_state_t *state, const char *title)
+ {
+ const sl_prsecflags_layout_t *layout = state->ns_arch->prsecflags;
+ Conv_secflags_buf_t inv;
+ Lword lw;
+ Word w;
+
+ indent_enter(state, title, &layout->pr_version);
+
+ w = extract_as_word(state, &layout->pr_version);
+
+ if (w != PRSECFLAGS_VERSION_1) {
+ PRINT_DEC(MSG_INTL(MSG_NOTE_BAD_SECFLAGS_VER), pr_version);
+ dump_hex_bytes(state->ns_data, state->ns_len, state->ns_indent,
+ 4, 3);
+ } else {
+ PRINT_DEC(MSG_ORIG(MSG_CNOTE_T_PR_VERSION), pr_version);
+ lw = extract_as_lword(state, &layout->pr_effective);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_EFFECTIVE),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_inherit);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_INHERIT),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_lower);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_LOWER),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_upper);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_UPPER),
+ conv_prsecflags(lw, 0, &inv));
+ }
+
+ indent_exit(state);
+ }
/*
* Output information from utsname structure.
*/
static void
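Review bot: In `dump_secflags`, `pr_version` and then, in the `PRSECFLAGS_VERSION_1` branch, `pr_effective`, `pr_inherit`, `pr_lower` and `pr_upper` are extracted from `state->ns_data` with no visible check that the note is long enough to contain them. The note body comes from the core file being dumped, so a truncated or malformed NT_SECFLAGS note could make these reads run past the buffer unless the extract helpers or `PRINT_DEC` bound them somewhere outside this hunk. I would compare each field's offset plus size against `state->ns_len` before extracting, and fall back to the existing `dump_hex_bytes` path when a field does not fit, with a comment such as `/* ns_data is file-controlled; never read a field that ends past ns_len */`. The `case NT_SECFLAGS:` hunk further down calls this function without a length check either, so the guard belongs here.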
*** 1095,1104 ****
--- 1137,1147 ----
* higher one for the pr_lwp sub-struct.
*/
state->ns_vcol += 5;
state->ns_t2col += 5;
state->ns_v2col += 5;
+
PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_LWP), pr_lwp, dump_lwpstatus);
state->ns_vcol -= 5;
state->ns_t2col -= 5;
state->ns_v2col -= 5;
*** 1855,1863 ****
--- 1898,1913 ----
state.ns_vcol = 25;
state.ns_t2col = 45;
state.ns_v2col = 58;
dump_psinfo(&state, MSG_ORIG(MSG_CNOTE_DESC_PSINFO_T));
return (CORENOTE_R_OK);
+
+ case NT_SECFLAGS:
+ state.ns_vcol = 23;
+ state.ns_t2col = 41;
+ state.ns_v2col = 54;
+ dump_secflags(&state, MSG_ORIG(MSG_CNOTE_DESC_PRSECFLAGS_T));
+ return (CORENOTE_R_OK);
}
return (CORENOTE_R_BADTYPE);
}