7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

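--- a/usr/src/uts/common/os/privs.awk
+++ b/usr/src/uts/common/os/privs.awk
@@ -15,21 +15,21 @@
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #
-#ident  "%Z%%M% %I%     %E% SMI"
+
 #
 # This file generates three different C files:
 #
 #       <sys/priv_const.h>
 #               An implementation private set of manifest integer constant
 #               for privileges and privilege sets and manifest constants for
 #               set size, number of sets, number of privileges
 #
 #       os/priv_const.c
 #               A C source file containing the set names, privilege names
@@ -100,21 +100,21 @@
 #
 # Privilege strings are represented as lower case strings;
 # PRIV_ is stripped from the strings.
 #
 /^([A-Za-z]* )?privilege / {
         if (NF == 3) {
                 key = toupper($1)
                 priv = toupper($3)
                 if (set[key] != "")
                         set[key] = set[key] ";"
-                set[key] = set[key] "\\\n\t\tPRIV_ASSERT((set), " priv ")"
+                set[key] = set[key] "\\\n\t\tPRIV_ADDSET((set), " priv ")"
         } else {
                 priv = toupper($2);
         }
         privs[npriv] = tolower(substr(priv, 6));
         inset = 0
         inpriv = 1
 
         privind[npriv] = privbytes;
 
         tabs = (32 - length(priv) - 1)/8
@@ -350,21 +350,21 @@
 
                 print "\n/* Privilege sets */" > privhfile
                 for (i = 0; i < nset; i++)
                         print sdef[i] sprintf("%3d", i) > privhfile
 
                 print "\n#define\tMAX_PRIVILEGE\t\t\t "  setsize * 32 \
                         > privhfile
 
                 # Special privilege categories.
                 for (s in set)
-                        print "\n#define\tPRIV_" s "_ASSERT(set)" set[s] \
+                        print "\n#define\tPRIV_" s "_ADDSET(set)" set[s] \
                                 > privhfile
 
                 print "\n#endif /* _KERNEL */" > privhfile
                 print "\n#ifdef __cplusplus\n}\n#endif" > privhfile
                 print "\n#endif /* _SYS_PRIV_CONST_H */" > privhfile
                 close(privhfile)
         }
 
         if (pubhfile) {
                 cast="((const char *)"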
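Review bot: The `PRIV_<category>_ADDSET(set)` macro emitted at new line 360 expands to a bare run of `PRIV_ADDSET((set), …)` statements joined by `;` (assembled at lines 108-110), so under an unbraced `if`/`else` only the first privilege would be conditional and the remaining ones would be added unconditionally. Because these macros populate privilege sets, it is worth wrapping the expansion while the name is being changed anyway, for example `print "\n#define\tPRIV_" s "_ADDSET(set)\tdo {" set[s] "; } while (0)" \`. The `set` argument is also expanded once per privilege, so a short comment above the `for (s in set)` loop such as `# 'set' is expanded once per privilege; callers must pass a side-effect-free expression.` would help. The definition of `PRIV_ADDSET` and the call sites are not on this page, so whether any caller relies on the current shape should be confirmed; the enclosing blocks also continue beyond the hunks shown.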