Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -65,10 +65,11 @@
 #include <sys/tspriocntl.h>
 #include <sys/iapriocntl.h>
 #include <sys/rtpriocntl.h>
 #include <sys/fsspriocntl.h>
 #include <sys/fxpriocntl.h>
+#include <sys/proc.h>
 #include <netdb.h>
 #include <nss_dbdefs.h>
 #include <sys/socketvar.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>

@@ -1598,10 +1599,102 @@
         }
 
         prt_dec(pri, 0, PC_KY_NULL);
 }
 
+
+void
+prt_psflags(private_t *pri, secflagset_t val)
+{
+        char str[1024];
+
+        if (val == 0) {
+                outstring(pri, "0x0");
+                return;
+        }
+
+        *str = '\0';
+        if (secflag_isset(val, PROC_SEC_ASLR)) {
+                (void) strlcat(str, "|PROC_SEC_ASLR", sizeof (str));
+                secflag_clear(&val, PROC_SEC_ASLR);
+        }
+        if (secflag_isset(val, PROC_SEC_FORBIDNULLMAP)) {
+                (void) strlcat(str, "|PROC_SEC_FORBIDNULLMAP",
+                    sizeof (str));
+                secflag_clear(&val, PROC_SEC_FORBIDNULLMAP);
+        }
+        if (secflag_isset(val, PROC_SEC_NOEXECSTACK)) {
+                (void) strlcat(str, "|PROC_SEC_NOEXECSTACK",
+                    sizeof (str));
+                secflag_clear(&val, PROC_SEC_NOEXECSTACK);
+        }
+
+        if (val != 0)
+                (void) snprintf(str, sizeof (str), "%s|%#x", str, val);
+
+        outstring(pri, str + 1);
+}
+
+/*
+ * Print a psecflags(2) delta
+ */
+void
+prt_psdelta(private_t *pri, int raw, long value)
+{
+        secflagdelta_t psd;
+
+        if ((raw != 0) ||
+            (Pread(Proc, &psd, sizeof (psd), value) != sizeof (psd))) {
+                prt_hex(pri, 0, value);
+                return;
+        }
+        outstring(pri, "{ ");
+        prt_psflags(pri, psd.psd_add);
+        outstring(pri, ", ");
+        prt_psflags(pri, psd.psd_rem);
+        outstring(pri, ", ");
+        prt_psflags(pri, psd.psd_assign);
+        outstring(pri, ", ");
+        outstring(pri, psd.psd_ass_active ? "B_TRUE" : "B_FALSE");
+        outstring(pri, " }");
+}
+
+/*
+ * Print a psecflagswhich_t
+ */
+void
+prt_psfw(private_t *pri, int raw, long value)
+{
+        psecflagwhich_t which = (psecflagwhich_t)value;
+        char *s;
+
+        if (raw != 0) {
+                prt_dec(pri, 0, value);
+                return;
+        }
+
+        switch (which) {
+        case PSF_EFFECTIVE:
+                s = "PSF_EFFECTIVE";
+                break;
+        case PSF_INHERIT:
+                s = "PSF_INHERIT";
+                break;
+        case PSF_LOWER:
+                s = "PSF_LOWER";
+                break;
+        case PSF_UPPER:
+                s = "PSF_UPPER";
+                break;
+        }
+
+        if (s == NULL)
+                prt_dec(pri, 0, value);
+        else
+                outstring(pri, s);
+}
+
 /*
  * Print processor set id, including logical expansion of "special" ids.
  */
 void
 prt_pst(private_t *pri, int raw, long val)

@@ -2872,7 +2965,9 @@
         prt_snf,        /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
         prt_skc,        /* SKC -- print sockconfig() subcode */
         prt_acf,        /* ACF -- print accept4 flags */
         prt_pfd,        /* PFD -- print pipe fds */
         prt_grf,        /* GRF -- print getrandom flags */
+        prt_psdelta,    /* PSDLT -- print psecflags(2) delta */
+        prt_psfw,       /* PSFW -- print psecflags(2) set */
         prt_dec,        /* HID -- hidden argument, make this the last one */
 };