Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/truss/print.c
          +++ new/usr/src/cmd/truss/print.c
↓ open down ↓ 59 lines elided ↑ open up ↑
  60   60  #include <sys/aio.h>
  61   61  #include <sys/aiocb.h>
  62   62  #include <sys/corectl.h>
  63   63  #include <sys/cpc_impl.h>
  64   64  #include <sys/priocntl.h>
  65   65  #include <sys/tspriocntl.h>
  66   66  #include <sys/iapriocntl.h>
  67   67  #include <sys/rtpriocntl.h>
  68   68  #include <sys/fsspriocntl.h>
  69   69  #include <sys/fxpriocntl.h>
       70 +#include <sys/proc.h>
  70   71  #include <netdb.h>
  71   72  #include <nss_dbdefs.h>
  72   73  #include <sys/socketvar.h>
  73   74  #include <netinet/in.h>
  74   75  #include <netinet/tcp.h>
  75   76  #include <netinet/udp.h>
  76   77  #include <netinet/sctp.h>
  77   78  #include <net/route.h>
  78   79  #include <sys/utrap.h>
  79   80  #include <sys/lgrp_user.h>
↓ open down ↓ 1513 lines elided ↑ open up ↑
1593 1594          for (; cnt--; vpp++) {
1594 1595                  print_pck(pri, 0, vpp->pc_key);
1595 1596                  outstring(pri, ", ");
1596 1597                  prt_hex(pri, 0, (long)vpp->pc_parm);
1597 1598                  outstring(pri, ", ");
1598 1599          }
1599 1600  
1600 1601          prt_dec(pri, 0, PC_KY_NULL);
1601 1602  }
1602 1603  
     1604 +
     1605 +void
     1606 +prt_psflags(private_t *pri, secflagset_t val)
     1607 +{
     1608 +        char str[1024];
     1609 +
     1610 +        if (val == 0) {
     1611 +                outstring(pri, "0x0");
     1612 +                return;
     1613 +        }
     1614 +
     1615 +        *str = '\0';
     1616 +        if (secflag_isset(val, PROC_SEC_ASLR)) {
     1617 +                (void) strlcat(str, "|PROC_SEC_ASLR", sizeof (str));
     1618 +                secflag_clear(&val, PROC_SEC_ASLR);
     1619 +        }
     1620 +        if (secflag_isset(val, PROC_SEC_FORBIDNULLMAP)) {
     1621 +                (void) strlcat(str, "|PROC_SEC_FORBIDNULLMAP",
     1622 +                    sizeof (str));
     1623 +                secflag_clear(&val, PROC_SEC_FORBIDNULLMAP);
     1624 +        }
     1625 +        if (secflag_isset(val, PROC_SEC_NOEXECSTACK)) {
     1626 +                (void) strlcat(str, "|PROC_SEC_NOEXECSTACK",
     1627 +                    sizeof (str));
     1628 +                secflag_clear(&val, PROC_SEC_NOEXECSTACK);
     1629 +        }
     1630 +
     1631 +        if (val != 0)
     1632 +                (void) snprintf(str, sizeof (str), "%s|%#x", str, val);
     1633 +
     1634 +        outstring(pri, str + 1);
     1635 +}
     1636 +
     1637 +/*
     1638 + * Print a psecflags(2) delta
     1639 + */
     1640 +void
     1641 +prt_psdelta(private_t *pri, int raw, long value)
     1642 +{
     1643 +        secflagdelta_t psd;
     1644 +
     1645 +        if ((raw != 0) ||
     1646 +            (Pread(Proc, &psd, sizeof (psd), value) != sizeof (psd))) {
     1647 +                prt_hex(pri, 0, value);
     1648 +                return;
     1649 +        }
     1650 +        outstring(pri, "{ ");
     1651 +        prt_psflags(pri, psd.psd_add);
     1652 +        outstring(pri, ", ");
     1653 +        prt_psflags(pri, psd.psd_rem);
     1654 +        outstring(pri, ", ");
     1655 +        prt_psflags(pri, psd.psd_assign);
     1656 +        outstring(pri, ", ");
     1657 +        outstring(pri, psd.psd_ass_active ? "B_TRUE" : "B_FALSE");
     1658 +        outstring(pri, " }");
     1659 +}
     1660 +
     1661 +/*
     1662 + * Print a psecflagswhich_t
     1663 + */
     1664 +void
     1665 +prt_psfw(private_t *pri, int raw, long value)
     1666 +{
     1667 +        psecflagwhich_t which = (psecflagwhich_t)value;
     1668 +        char *s;
     1669 +
     1670 +        if (raw != 0) {
     1671 +                prt_dec(pri, 0, value);
     1672 +                return;
     1673 +        }
     1674 +
     1675 +        switch (which) {
     1676 +        case PSF_EFFECTIVE:
     1677 +                s = "PSF_EFFECTIVE";
     1678 +                break;
     1679 +        case PSF_INHERIT:
     1680 +                s = "PSF_INHERIT";
     1681 +                break;
     1682 +        case PSF_LOWER:
     1683 +                s = "PSF_LOWER";
     1684 +                break;
     1685 +        case PSF_UPPER:
     1686 +                s = "PSF_UPPER";
     1687 +                break;
     1688 +        }
     1689 +
     1690 +        if (s == NULL)
     1691 +                prt_dec(pri, 0, value);
     1692 +        else
     1693 +                outstring(pri, s);
     1694 +}
     1695 +
1603 1696  /*
1604 1697   * Print processor set id, including logical expansion of "special" ids.
1605 1698   */
1606 1699  void
1607 1700  prt_pst(private_t *pri, int raw, long val)
1608 1701  {
1609 1702          const char *s = NULL;
1610 1703  
1611 1704          if (!raw) {
1612 1705                  switch ((psetid_t)val) {
↓ open down ↓ 1254 lines elided ↑ open up ↑
2867 2960          prt_rcf,        /* RCF -- print rctlsys_ctl() flags */
2868 2961          prt_fxf,        /* FXF -- print forkx() flags */
2869 2962          prt_spf,        /* SPF -- print rctlsys_projset() flags */
2870 2963          prt_un1,        /* UN1 -- as prt_uns except for -1 */
2871 2964          prt_mob,        /* MOB -- print mmapobj() flags */
2872 2965          prt_snf,        /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
2873 2966          prt_skc,        /* SKC -- print sockconfig() subcode */
2874 2967          prt_acf,        /* ACF -- print accept4 flags */
2875 2968          prt_pfd,        /* PFD -- print pipe fds */
2876 2969          prt_grf,        /* GRF -- print getrandom flags */
     2970 +        prt_psdelta,    /* PSDLT -- print psecflags(2) delta */
     2971 +        prt_psfw,       /* PSFW -- print psecflags(2) set */
2877 2972          prt_dec,        /* HID -- hidden argument, make this the last one */
2878 2973  };
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX