Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/fork.c
          +++ new/usr/src/uts/common/os/fork.c
↓ open down ↓ 1079 lines elided ↑ open up ↑
1080 1080          cp->p_brkpageszc = pp->p_brkpageszc;
1081 1081          cp->p_stksize = pp->p_stksize;
1082 1082          cp->p_stkpageszc = pp->p_stkpageszc;
1083 1083          cp->p_stkprot = pp->p_stkprot;
1084 1084          cp->p_datprot = pp->p_datprot;
1085 1085          cp->p_usrstack = pp->p_usrstack;
1086 1086          cp->p_model = pp->p_model;
1087 1087          cp->p_ppid = pp->p_pid;
1088 1088          cp->p_ancpid = pp->p_pid;
1089 1089          cp->p_portcnt = pp->p_portcnt;
     1090 +        /*
     1091 +         * Security flags are preserved on fork, the inherited copy come into
     1092 +         * effect on exec
     1093 +         */
     1094 +        cp->p_secflags = pp->p_secflags;
1090 1095  
1091 1096          /*
1092 1097           * Initialize watchpoint structures
1093 1098           */
1094 1099          avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),
1095 1100              offsetof(struct watched_area, wa_link));
1096 1101  
1097 1102          /*
1098 1103           * Initialize immediate resource control values.
1099 1104           */
↓ open down ↓ 363 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX