Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/auditreduce/token.c
          +++ new/usr/src/cmd/auditreduce/token.c
↓ open down ↓ 1933 lines elided ↑ open up ↑
1934 1934  
1935 1935  int
1936 1936  privilege_token(adr_t *adr)
1937 1937  {
1938 1938          skip_string(adr);       /* set type name */
1939 1939          skip_string(adr);       /* privilege set */
1940 1940          return (-1);
1941 1941  }
1942 1942  
1943 1943  /*
     1944 + * Format of security flags token:
     1945 + *      security flag set               string
     1946 + *      security flags          string
     1947 + */
     1948 +
     1949 +int
     1950 +secflags_token(adr_t *adr)
     1951 +{
     1952 +        skip_string(adr);       /* set name */
     1953 +        skip_string(adr);       /* security flags */
     1954 +        return (-1);
     1955 +}
     1956 +
     1957 +/*
1944 1958   * Format of label token:
1945 1959   *      label ID                1 byte
1946 1960   *      compartment length      1 byte
1947 1961   *      classification          2 bytes
1948 1962   *      compartment words       <compartment length> * 4 bytes
1949 1963   */
1950 1964  int
1951 1965  label_token(adr_t *adr)
1952 1966  {
1953 1967          static m_label_t *label = NULL;
↓ open down ↓ 49 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX