7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 160,171 ****
"priv" },
{ PR_PATHDIR, 25 * sizeof (prdirent_t), sizeof (prdirent_t),
"path" },
{ PR_CTDIR, 26 * sizeof (prdirent_t), sizeof (prdirent_t),
"contracts" },
#if defined(__x86)
! { PR_LDT, 27 * sizeof (prdirent_t), sizeof (prdirent_t),
"ldt" },
#endif
};
#define NPIDDIRFILES (sizeof (piddir) / sizeof (piddir[0]) - 2)
--- 160,173 ----
"priv" },
{ PR_PATHDIR, 25 * sizeof (prdirent_t), sizeof (prdirent_t),
"path" },
{ PR_CTDIR, 26 * sizeof (prdirent_t), sizeof (prdirent_t),
"contracts" },
+ { PR_SECFLAGS, 27 * sizeof (prdirent_t), sizeof (prdirent_t),
+ "secflags" },
#if defined(__x86)
! { PR_LDT, 28 * sizeof (prdirent_t), sizeof (prdirent_t),
"ldt" },
#endif
};
#define NPIDDIRFILES (sizeof (piddir) / sizeof (piddir[0]) - 2)
*** 583,593 ****
pr_read_ldt(),
#endif
pr_read_usage(), pr_read_lusage(), pr_read_pagedata(),
pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(),
pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(),
! pr_read_spymaster(),
#if defined(__sparc)
pr_read_gwindows(), pr_read_asrs(),
#endif
pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata();
--- 585,595 ----
pr_read_ldt(),
#endif
pr_read_usage(), pr_read_lusage(), pr_read_pagedata(),
pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(),
pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(),
! pr_read_spymaster(), pr_read_secflags(),
#if defined(__sparc)
pr_read_gwindows(), pr_read_asrs(),
#endif
pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata();
*** 637,646 ****
--- 639,649 ----
pr_read_priv, /* /proc/<pid>/priv */
pr_read_inval, /* /proc/<pid>/path */
pr_read_inval, /* /proc/<pid>/path/xxx */
pr_read_inval, /* /proc/<pid>/contracts */
pr_read_inval, /* /proc/<pid>/contracts/<ctid> */
+ pr_read_secflags, /* /proc/<pid>/secflags */
pr_read_pidfile, /* old process file */
pr_read_pidfile, /* old lwp file */
pr_read_opagedata, /* old pagedata file */
};
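Review bot: The new `pr_read_secflags` slot is only correct if its index in this table equals the position of `PR_SECFLAGS` in the node-type enum, which is defined outside this page; nothing in the hunk checks that. The same positional dependency applies to the ILP32 read table and to the lookup and readdir tables changed later in this diff. A compile-time assertion on each table's element count against the number of node types would make a missed or misplaced entry fail the build instead of dispatching the wrong handler. The table itself starts above the hunk, so its earlier entries cannot be checked from here.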
*** 1599,1608 ****
--- 1602,1630 ----
prunlock(pnp);
return (pr_uioread(&psinfo, sizeof (psinfo), uiop));
}
+ static int
+ pr_read_secflags(prnode_t *pnp, uio_t *uiop)
+ {
+ prsecflags_t ret;
+ int error;
+ proc_t *p;
+
+ ASSERT(pnp->pr_type == PR_SECFLAGS);
+
+ if ((error = prlock(pnp, ZNO)) != 0)
+ return (error);
+
+ p = pnp->pr_common->prc_proc;
+ prgetsecflags(p, &ret);
+ prunlock(pnp);
+
+ return (pr_uioread(&ret, sizeof (ret), uiop));
+ }
+
#if defined(__sparc)
static int
pr_read_gwindows(prnode_t *pnp, uio_t *uiop)
{
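Review bot: In pr_read_secflags, `ret` is an uninitialised stack `prsecflags_t` that is copied out in full by `pr_uioread(&ret, sizeof (ret), uiop)`, so any member or padding byte that `prgetsecflags()` does not write would reach the reader as stale kernel stack. prgetsecflags() is not visible on this page, so this may already be handled there. If it is not, add `bzero(&ret, sizeof (ret));` before the `prlock()` call, or state on prgetsecflags() that it initialises the whole structure. The function also has no header comment; one line saying that the flags are snapshotted between `prlock(pnp, ZNO)` and `prunlock(pnp)` and copied out afterwards would match what the code does.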
*** 1794,1803 ****
--- 1816,1826 ----
pr_read_priv, /* /proc/<pid>/priv */
pr_read_inval, /* /proc/<pid>/path */
pr_read_inval, /* /proc/<pid>/path/xxx */
pr_read_inval, /* /proc/<pid>/contracts */
pr_read_inval, /* /proc/<pid>/contracts/<ctid> */
+ pr_read_secflags, /* /proc/<pid>/secflags */
pr_read_pidfile, /* old process file */
pr_read_pidfile, /* old lwp file */
pr_read_opagedata_32, /* old pagedata file */
};
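Review bot: This table, whose last entry is `pr_read_opagedata_32`, reuses the native `pr_read_secflags` rather than a `_32` variant, so a caller served from it receives the native `prsecflags_t` layout. That is only safe if the structure consists of fixed-width members with the same size and alignment in both data models, and its definition is not on this page. A comment on the entry such as `/* prsecflags_t is data-model invariant */` would record that assumption for whoever next adds a field. The table starts above the hunk.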
*** 3037,3046 ****
--- 3060,3072 ----
mutex_exit(&p->p_crlock);
break;
case PR_PRIV:
vap->va_size = prgetprivsize();
break;
+ case PR_SECFLAGS:
+ vap->va_size = sizeof (prsecflags_t);
+ break;
case PR_SIGACT:
nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
vap->va_size = (nsig-1) *
PR_OBJSIZE(struct sigaction32, struct sigaction);
break;
*** 3334,3343 ****
--- 3360,3370 ----
pr_lookup_notdir, /* /proc/<pid>/priv */
pr_lookup_pathdir, /* /proc/<pid>/path */
pr_lookup_notdir, /* /proc/<pid>/path/xxx */
pr_lookup_ctdir, /* /proc/<pid>/contracts */
pr_lookup_notdir, /* /proc/<pid>/contracts/<ctid> */
+ pr_lookup_notdir, /* /proc/<pid>/secflags */
pr_lookup_notdir, /* old process file */
pr_lookup_notdir, /* old lwp file */
pr_lookup_notdir, /* old pagedata file */
};
*** 4683,4692 ****
--- 4710,4720 ----
pr_readdir_notdir, /* /proc/<pid>/priv */
pr_readdir_pathdir, /* /proc/<pid>/path */
pr_readdir_notdir, /* /proc/<pid>/path/xxx */
pr_readdir_ctdir, /* /proc/<pid>/contracts */
pr_readdir_notdir, /* /proc/<pid>/contracts/<ctid> */
+ pr_readdir_notdir, /* /proc/<pid>/secflags */
pr_readdir_notdir, /* old process file */
pr_readdir_notdir, /* old lwp file */
pr_readdir_notdir, /* old pagedata file */
};