7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 53,62 ****
--- 53,63 ----
  #include <sys/auxv.h>
  #include <sys/resource.h>
  #include <sys/socket.h>
  #include <sys/utsname.h>
  #include <sys/corectl.h>
+ #include <sys/secflags.h>
  #if defined(__i386) || defined(__amd64)
  #include <sys/sysi86.h>
  #endif
  #ifdef __cplusplus
*** 190,199 **** --- 191,201 ---- typedef void (*pop_read_aux_t)(struct ps_prochandle *, auxv_t **, int *, void *); typedef int (*pop_cred_t)(struct ps_prochandle *, prcred_t *, int, void *); typedef int (*pop_priv_t)(struct ps_prochandle *, prpriv_t **, void *); + typedef int (*pop_secflags_t)(struct ps_prochandle *, prsecflags_t **, void *); typedef const psinfo_t *(*pop_psinfo_t)(struct ps_prochandle *, psinfo_t *, void *); typedef void (*pop_status_t)(struct ps_prochandle *, pstatus_t *, void *); typedef prheader_t *(*pop_lstatus_t)(struct ps_prochandle *, void *); typedef prheader_t *(*pop_lpsinfo_t)(struct ps_prochandle *, void *);
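Review bot: The new `pop_secflags_t` callback returns its result through a `prsecflags_t **` out-parameter, and nothing in the header says who allocates the structure or who frees it. The same gap applies to `Psecflags()` in the 271-282 hunk, where `Psecflags_free()` is declared next to it but the pairing is left implicit. A short comment above the typedef would settle it, for example `/* On success stores an allocated prsecflags_t in *out; release it with Psecflags_free(). */`, adjusted to the real return convention and to whether `*out` is written on failure, neither of which this header shows. Without that, callers have to read each ops implementation to avoid a leak or a free of an unset pointer.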
*** 220,229 ****
--- 222,232 ----
  pop_fini_t pop_fini;
  pop_platform_t pop_platform;
  pop_uname_t pop_uname;
  pop_zonename_t pop_zonename;
  pop_execname_t pop_execname;
+ pop_secflags_t pop_secflags;
  #if defined(__i386) || defined(__amd64)
  pop_ldt_t pop_ldt;
  #endif
  } ps_ops_t;
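Review bot: `pop_secflags` is inserted ahead of the `#if defined(__i386) || defined(__amd64)` block, so on x86 the offset of `pop_ldt` inside `ps_ops_t` moves. An ops vector initialised positionally, or a consumer built against the old layout, would then pair function pointers with the wrong slots; whether such consumers exist is not visible from this page. Placing `pop_secflags_t pop_secflags;` after the `#endif` would leave every existing member where it was. If older ops vectors are expected to leave the member NULL, a comment saying so next to the field would tell implementers of `Psecflags()` to check before calling through it. The struct definition starts outside this hunk.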
*** 268,277 ****
--- 271,282 ----
  extern void *Pprivinfo(struct ps_prochandle *);
  extern int Psetzoneid(struct ps_prochandle *, zoneid_t);
  extern int Pgetareg(struct ps_prochandle *, int, prgreg_t *);
  extern int Pputareg(struct ps_prochandle *, int, prgreg_t);
  extern int Psetrun(struct ps_prochandle *, int, int);
+ extern int Psecflags(struct ps_prochandle *, prsecflags_t **);
+ extern void Psecflags_free(prsecflags_t *);
  extern ssize_t Pread(struct ps_prochandle *, void *, size_t, uintptr_t);
  extern ssize_t Pread_string(struct ps_prochandle *, char *, size_t, uintptr_t);
  extern ssize_t Pwrite(struct ps_prochandle *, const void *, size_t, uintptr_t);
  extern int Pclearsig(struct ps_prochandle *);
  extern int Pclearfault(struct ps_prochandle *);
*** 694,703 ****
--- 699,709 ----
  extern int proc_get_cred(pid_t, prcred_t *, int);
  extern prpriv_t *proc_get_priv(pid_t);
  extern void proc_free_priv(prpriv_t *);
  extern int proc_get_psinfo(pid_t, psinfo_t *);
  extern int proc_get_status(pid_t, pstatus_t *);
+ extern int proc_get_secflags(pid_t, prsecflags_t **);
  /*
   * Utility functions for debugging tools to convert numeric fault,
   * signal, and system call numbers to symbolic names:
   */
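Review bot: `proc_get_secflags()` returns its result through a `prsecflags_t **`, yet this hunk declares no matching release function, unlike the `proc_get_priv()` / `proc_free_priv()` pair in the context lines just above it. A caller cannot tell from the header whether the result is released with `Psecflags_free()`, with plain `free()`, or not at all. Either declare a counterpart in the style of `proc_free_priv()` next to it, or add a one-line comment above the prototype naming the function that releases the result. The signature also departs from `proc_get_priv()`, which returns the pointer directly, so the comment should state the return convention as well.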