Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 32,41 **** --- 32,42 ---- #include <stdio.h> #include <string.h> #include <sys/types.h> #include <unistd.h> #include <sys/corectl.h> + #include <procfs.h> #include <msg.h> #include <_elfdump.h> #include <struct_layout.h> #include <conv.h>
*** 164,174 **** static Word extract_as_word(note_state_t *state, const sl_field_t *fdesc) { return (sl_extract_as_word(state->ns_data, state->ns_swap, fdesc)); } ! static Word extract_as_lword(note_state_t *state, const sl_field_t *fdesc) { return (sl_extract_as_lword(state->ns_data, state->ns_swap, fdesc)); } static int --- 165,175 ---- static Word extract_as_word(note_state_t *state, const sl_field_t *fdesc) { return (sl_extract_as_word(state->ns_data, state->ns_swap, fdesc)); } ! static Lword extract_as_lword(note_state_t *state, const sl_field_t *fdesc) { return (sl_extract_as_lword(state->ns_data, state->ns_swap, fdesc)); } static int
*** 434,443 **** --- 435,445 ---- union { Conv_cap_val_hw1_buf_t hw1; Conv_cap_val_hw2_buf_t hw2; Conv_cnote_auxv_af_buf_t auxv_af; Conv_ehdr_flags_buf_t ehdr_flags; + Conv_secflags_buf_t secflags; Conv_inv_buf_t inv; } conv_buf; sl_fmtbuf_t buf; int ndx, ndx_start; Word sizeof_auxv;
*** 825,834 **** --- 827,876 ---- MSG_ORIG(MSG_CNOTE_T_TV_NSEC), tv_nsec); indent_exit(state); } + /* + * Output information from prsecflags_t structure. + */ + static void + dump_secflags(note_state_t *state, const char *title) + { + const sl_prsecflags_layout_t *layout = state->ns_arch->prsecflags; + Conv_secflags_buf_t inv; + Lword lw; + Word w; + + indent_enter(state, title, &layout->pr_version); + + w = extract_as_word(state, &layout->pr_version); + + if (w != PRSECFLAGS_VERSION_1) { + PRINT_DEC(MSG_INTL(MSG_NOTE_BAD_SECFLAGS_VER), pr_version); + dump_hex_bytes(state->ns_data, state->ns_len, state->ns_indent, + 4, 3); + } else { + PRINT_DEC(MSG_ORIG(MSG_CNOTE_T_PR_VERSION), pr_version); + lw = extract_as_lword(state, &layout->pr_effective); + print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_EFFECTIVE), + conv_prsecflags(lw, 0, &inv)); + + lw = extract_as_lword(state, &layout->pr_inherit); + print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_INHERIT), + conv_prsecflags(lw, 0, &inv)); + + lw = extract_as_lword(state, &layout->pr_lower); + print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_LOWER), + conv_prsecflags(lw, 0, &inv)); + + lw = extract_as_lword(state, &layout->pr_upper); + print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_UPPER), + conv_prsecflags(lw, 0, &inv)); + } + + indent_exit(state); + } /* * Output information from utsname structure. */ static void
*** 1095,1104 **** --- 1137,1147 ---- * higher one for the pr_lwp sub-struct. */ state->ns_vcol += 5; state->ns_t2col += 5; state->ns_v2col += 5; + PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_LWP), pr_lwp, dump_lwpstatus); state->ns_vcol -= 5; state->ns_t2col -= 5; state->ns_v2col -= 5;
*** 1855,1863 **** --- 1898,1913 ---- state.ns_vcol = 25; state.ns_t2col = 45; state.ns_v2col = 58; dump_psinfo(&state, MSG_ORIG(MSG_CNOTE_DESC_PSINFO_T)); return (CORENOTE_R_OK); + + case NT_SECFLAGS: + state.ns_vcol = 23; + state.ns_t2col = 41; + state.ns_v2col = 54; + dump_secflags(&state, MSG_ORIG(MSG_CNOTE_DESC_PRSECFLAGS_T)); + return (CORENOTE_R_OK); } return (CORENOTE_R_BADTYPE); }