7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
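--- a/exception_lists/check_rtime
+++ b/exception_lists/check_rtime
@@ -1,236 +1,237 @@
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #
 
 #
 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved.
 #
 
 # This file provides exceptions to the usual rules applied to ELF objects by
 # check_rtime. All strings are Perl regular expressions that are compared to
 # file paths. In addition to the standard Perl syntax, there is one extension:
 #
 # MACH(dir)
 #
 # is expanded into a regular expression that matches the given
 # directory, or a 64-bit subdirectory of the directory with the
 # name of a 64-bit architecture. For example, MACH(lib) will match
 # any of the following:
 #
 # lib
 # lib/amd64
 # lib/sparcv9
 
 
 # Directory hierarchies to skip completely
 SKIP ^usr/lib/libc/ # optimized libc
 SKIP ^usr/lib/rcm/ # 4426119
 SKIP ^usr/perl5/ # alan's taking care of these :-)
 SKIP ^usr/src/ # no objects in source code
 
 # Individual files that we don't examine
 SKIP ^boot/grub/bin/grub$
 # USIII specific extns. cause ldd noise on USII bld. m/c
 SKIP ^usr/lib/fps/sun4u/UltraSPARC.*/fptest$
 SKIP ^usr/MACH(lib)/lddstub$ # lddstub has no dependencies
 SKIP ^usr/MACH(lib)/libssagent\.so\.1$ # 4328854
 SKIP ^usr/lib/MACH(iconv)/geniconvtbl.so$ # 4384329
 
 # picl file exclusions (4385799)
 SKIP ^usr/platform/.*/libpsvcplugin_psr\.so\.1
 SKIP ^usr/platform/.*/libpsvcpolicy_psr\.so\.1
 SKIP ^usr/platform/.*/libpsvcpolicy\.so\.1
 SKIP ^usr/lib/sysevent/modules/picl_slm.so$
 
 # Objects that are allowed to have executable data segments
 EXEC_DATA ^MACH(lib)/ld\.so\.1$
 EXEC_DATA ^lib/libc\.so\.1$ # 6524709, 32-bit, needed for x86 only
 EXEC_DATA ^lib/amd64/libumem\.so\.1$ # ptcumem
 EXEC_DATA ^lib/libumem\.so\.1$ # ptcumem
 EXEC_DATA ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
 EXEC_DATA ^platform/.*/MACH(kernel)/unix$
 EXEC_DATA ^platform/.*/multiboot$
 
 # Objects that are allowed to have an executable stack
 EXEC_STACK ^platform/.*/MACH(kernel)/unix$
 EXEC_STACK ^platform/.*/multiboot$
+EXEC_STACK ^opt/os-tests/tests/secflags/stacky$
 
 # Objects for which we allow relocations to the text segment
 TEXTREL ^platform/.*/MACH(kernel)/unix$
 
 # Directories and files that are allowed to have no direct bound symbols
 NODIRECT ^platform/.*/MACH(kernel)/unix$
 NODIRECT ^usr/ucb
 NODIRECT ^usr/4lib/sbcp$
 
 # Identify any files that should be skipped when building a crle(1)
 # configuration file. As the hwcap libraries can be loop-back mounted onto
 # libc, these can confuse crle(1) because of their identical dev/inode.
 NOCRLEALT ^usr/lib/libc/libc_hwcap[1-3].so.1$
 
 # Files that should contain debugging information.
 STAB ^platform/.*/MACH(kernel)/unix$
 
 # Files that are allowed undefined references
 UNDEF_REF ^usr/lib/libnisdb\.so\.2$
 UNDEF_REF ^usr/snadm/lib/libsvm\.so\.1$
 
 # Objects allowed to have unused dependencies
 UNUSED_DEPS ^usr/lib/picl/plugins/ # require devtree dependencies
 
 # libm.so.2 dependency
 UNUSED_OBJ unused object=.*MACH(libm)/libm_hwcap1\.so\.2
 
 # libnetsnmphelpers.so is empty in some net-snmp versions
 UNUSED_OBJ unused object=.*/libnetsnmphelpers\.so\..*
 UNREF_OBJ unreferenced object=.*/libnetsnmphelpers\.so\..*
 
 # Unused runpaths due to dlopen() use
 UNUSED_RPATH /usr/lib/fs/autofs.*\ from\ .automountd
 UNUSED_RPATH /etc/ppp/plugins.*\ from\ .*pppd
 UNUSED_RPATH /usr/lib/inet/ppp.*\ from\ .*pppd
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libipsecutil\.so\.1
 UNUSED_RPATH /usr/platform/.*rsmlib.*\ from\ .*librsm\.so\.2
 UNUSED_RPATH \$ORIGIN.*\ from\ .*fcode.so
 UNUSED_RPATH /opt/VRTSvxvm/lib.*\ from\ .*libdiskmgt\.so\.1
 
 # Unused runpaths in picl code
 UNUSED_RPATH /usr/platform/.*\ from\ .*/usr/platform
 UNUSED_RPATH /usr/lib/picl/.*\ from\ .*/usr/platform
 UNUSED_RPATH /usr/platform/.*\ from\ .*/usr/lib/picl
 
 # Unused runpaths in non-OSNET objects we can't change
 UNUSED_RPATH /usr/lib/mps.*\ from\ .*libnss3\.so
 UNUSED_RPATH /usr/lib/mps.*\ from\ .*libnssutil3\.so
 UNUSED_RPATH /usr/lib/mps.*\ from\ .*libsmime3\.so
 UNUSED_RPATH /usr/lib/mps.*\ from\ .*libssl3\.so
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libdbus-1\.so\.3
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libdbus-glib-1\.so\.2
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libglib-2\.0\.so\.0
 UNUSED_RPATH /usr/X11/lib.*\ from\ .*libglib-2\.0\.so\.0
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgobject-2\.0\.so\.0
 UNUSED_RPATH /usr/X11/lib.*\ from\ .*libgobject-2\.0\.so\.0
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgthread-2\.0\.so\.0
 UNUSED_RPATH /usr/X11/lib.*\ from\ .*libgthread-2\.0\.so\.0
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libcrypto\.so\.0\.9\.8
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libnetsnmp\.so\..*
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgcc_s\.so\.1
 UNUSED_RPATH /usr/ccs/lib.*\ from\ .*libgcc_s\.so\.1
 UNUSED_RPATH /usr/lib.*\ from\ .*libgcc_s\.so\.1
 UNUSED_RPATH /usr/postgres/8.3/lib.*\ from\ .*libpq\.so\.5
 UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libpq\.so\.5
 UNUSED_RPATH /usr/lib.*\ from\ .*/usr/lib/mps
 UNUSED_RPATH /usr/ccs/lib.*\ from\ .*/usr/lib/mps
 UNUSED_RPATH /usr/gnu/lib.*\ from\ .*/usr/lib/libpython2\.6
 UNUSED_RPATH /usr/gnu/lib.*\ from\ .*/usr/lib/64/libpython2\.6
 UNUSED_RPATH /usr/snadm/lib.*\ from\ .*/usr/snadm/lib/libspmicommon\.so\.1
 
 
 # Unused runpaths for reasons not captured above
 UNUSED_RPATH /usr/lib/smbsrv.*\ from\ .*libsmb\.so\.1 # future needs
 UNUSED_RPATH /usr.*\ from\ .*tst\.gcc\.exe # gcc built
 
 
 # Unreferenced objects of non-OSnet objects we can't change
 UNREF_OBJ /lib.*\ of\ .*libcimapi\.so
 UNREF_OBJ /lib.*\ of\ .*libdbus-1\.so\.3
 UNREF_OBJ /lib.*\ of\ .*libdbus-glib-1\.so\.2
 UNREF_OBJ /lib.*\ of\ .*libgio-2.0\.so\.0
 UNREF_OBJ /lib.*\ of\ .*libglib-2.0\.so\.0
 UNREF_OBJ /lib.*\ of\ .*libgobject-2.0\.so\.0
 UNREF_OBJ /lib.*\ of\ .*libgthread-2\.0\.so\.0
 UNREF_OBJ /lib.*\ of\ .*libjvm\.so
 UNREF_OBJ /lib.*\ of\ .*libnetsnmp\.so\..*
 UNREF_OBJ /lib.*\ of\ .*libnetsnmpagent\.so\..*
 UNREF_OBJ /lib.*\ of\ .*libnetsnmpmibs\.so\..*
 UNREF_OBJ /lib.*\ of\ .*libnetsnmphelpers\.so\..*
 UNREF_OBJ /lib.*\ of\ .*libnspr4\.so
 UNREF_OBJ /lib.*\ of\ .*libpq\.so\.5
 UNREF_OBJ /lib.*\ of\ .*libsoftokn3\.so
 UNREF_OBJ /lib.*\ of\ .*libspmicommon\.so\.1
 UNREF_OBJ /lib.*\ of\ .*libspmocommon\.so\.1
 UNREF_OBJ /lib.*\ of\ .*libssl3\.so
 UNREF_OBJ /lib.*\ of\ .*libtspi\.so\.1
 UNREF_OBJ /lib.*\ of\ .*libxml2\.so\.2
 UNREF_OBJ /lib.*\ of\ .*libxslt\.so\.1
 UNREF_OBJ /lib.*\ of\ .*libpq\.so\.4
 UNREF_OBJ /lib.*\ of\ .*libpython2\.4\.so\.1\.0
 UNREF_OBJ /lib.*\ of\ .*libpython2\.6\.so\.1\.0
 UNREF_OBJ /libgcc_s.*\ of\ .*libstdc\+\+\.so\.6
 UNREF_OBJ /libgcc_s.*\ of\ .*libgmodule-2\.0\.so\.0
 
 # Unreferenced object of objects we can't change for other reasons
 UNREF_OBJ /libmapmalloc\.so\.1;\ unused\ dependency\ of # interposer
 UNREF_OBJ /libstdc\+\+\.so\.6;\ unused\ dependency\ of # gcc build
 UNREF_OBJ /libgcc_s\.so\.1.*\ of\ .*libstdc\+\+\.so\.6 # omnios gcc mix
 UNREF_OBJ /libm\.so\.2.*\ of\ .*libstdc\+\+\.so\.6 # gcc build
 UNREF_OBJ /lib.*\ of\ .*/lib/picl/plugins/ # picl
 UNREF_OBJ /lib.*\ of\ .*kcfd # interposer
 UNREF_OBJ /libpkcs11\.so\.1; .*\ of\ .*libkmf\.so\.1 # interposed
 # Referenced by the Studio build, not the GCC build. GCC eliminates the unused
 # statics which have the dependence.
 UNREF_OBJ /libc\.so\.1.*\ of\ .*kldap\.so\.1
 
 
 # Objects that used to contain system functionalty that has since
 # migrated to libc. We preserve these libraries as pure filters for
 # backward compatability but nothing needs to link to them.
 OLDDEP libaio\.so\.1 # onnv build 44
 OLDDEP libdl\.so\.1 # on10 build 49
 OLDDEP libdoor\.so\.1 # onnv build 12
 OLDDEP libintl\.so\.1 # on297 build 7
 OLDDEP libpthread\.so\.1 # on10 build 53
 OLDDEP librt\.so\.1 # onnv build 44
 OLDDEP libsched\.so\.1 # on10 build 36
 OLDDEP libthread\.so\.1 # on10 build 53
 OLDDEP libw\.so\.1 # on297 build 7
 
 # Files for which we skip checking of duplicate addresses in the
 # symbol sort sections. Such exceptions should be rare --- most code will
 # not have duplicate addresses, since it takes assember or a "#pragma weak"
 # to do such aliasing in C. C++ is different: The compiler generates aliases
 # for implementation reasons, and the mangled names used to encode argument
 # and return value types are difficult to handle well in mapfiles.
 # Furthermore, the Sun compiler and gcc use different and incompatible
 # name mangling conventions. Since ON must be buildable by either, we
 # would have to maintain two sets of mapfiles for each such object.
 # C++ use is rare in ON, so this is not worth pursuing.
 #
 NOSYMSORT opt/SUNWdtrt/tst/common/pid/tst.weak2.exe # DTrace test
 NOSYMSORT lib/amd64/libnsl\.so\.1 # C++
 NOSYMSORT lib/sparcv9/libnsl\.so\.1 # C++
 NOSYMSORT lib/sparcv9/libfru\.so\.1 # C++
 NOSYMSORT usr/lib/lms # C++
 NOSYMSORT ld\.so\.1 # libc_pic.a user
 NOSYMSORT lib/libsun_fc\.so\.1 # C++
 NOSYMSORT lib/amd64/libsun_fc\.so\.1 # C++
 NOSYMSORT lib/sparcv9/libsun_fc\.so\.1 # C++
 NOSYMSORT usr/lib/amd64/libfru\.so\.1 # C++
 
 
 # The libprtdiag_psr.so.1 objects built under usr/src/lib/libprtdiag_psr
 # are a family, all built using the same makefile, targeted at different
 # sparc hardware variants. There are a small number of cases where this
 # one size fits all approach causes an object to be linked against an
 # unneeded library.
 UNREF_OBJ lib/(libdevinfo|libcfgadm)\.so\.1; .*\ of\ .*SUNW,Netra-CP2300/lib/libprtdiag_psr\.so\.1
 
 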
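Review bot: The new EXEC_STACK entry for `^opt/os-tests/tests/secflags/stacky$` carries no comment saying why this object is allowed an executable stack. Other exceptions in this file record a reason or bug id in a trailing comment (`# ptcumem`, `# 4426119`), and an entry that waives a hardening check is the one a later auditor most needs explained. The path suggests this is a secflags test that wants an executable stack on purpose; if that is right, say so on the line, e.g. `EXEC_STACK ^opt/os-tests/tests/secflags/stacky$ # secflags test, exec stack intentional`. The pattern is anchored at both ends, so the waiver covers only this one path, which is the right scope for it.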