7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 52,61 ****
--- 52,62 ----
  #include <sys/stack.h>
  #include <sys/fault.h>
  #include <sys/syscall.h>
  #include <sys/sysmacros.h>
  #include <sys/systeminfo.h>
+ #include <sys/secflags.h>
  #include "libproc.h"
  #include "Pcontrol.h"
  #include "Putil.h"
  #include "P32ton.h"
*** 174,183 ****
--- 175,191 ----
  Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
  {
  return (proc_get_cred(P->pid, pcrp, ngroups));
  }
+ /* ARGSUSED */
+ static int
+ Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+ {
+ return (proc_get_secflags(P->pid, psf));
+ }
+
  /*ARGSUSED*/
  static int
  Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
  {
  prpriv_t *pp;
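Review bot: The lint directive on the new Psecflags_live is spelled `/* ARGSUSED */`, while Ppriv_live directly below it in this hunk uses `/*ARGSUSED*/`; use the file's existing spelling so the directive reads and matches the same way throughout. The wrapper hands back whatever proc_get_secflags() stores in `*psf`, and the comment on Psecflags later in this patch suggests that is an allocation, so a short comment here such as `/* On success *psf is allocated; the caller releases it with Psecflags_free(). */` would make the ownership visible at the ops level.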
*** 324,333 ****
--- 332,342 ----
  .pop_lpsinfo = Plpsinfo_live,
  .pop_platform = Pplatform_live,
  .pop_uname = Puname_live,
  .pop_zonename = Pzonename_live,
  .pop_execname = Pexecname_live,
+ .pop_secflags = Psecflags_live,
  #if defined(__i386) || defined(__amd64)
  .pop_ldt = Pldt_live
  #endif
  };
*** 1291,1300 ****
--- 1300,1331 ----
  Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
  {
  return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
  }
+ /* Return an allocated prsecflags_t */
+ int
+ Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
+ {
+ int ret;
+
+ if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
+ if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
+ errno = EINVAL;
+ return (-1);
+ }
+ }
+
+ return (ret);
+ }
+
+ void
+ Psecflags_free(prsecflags_t *psf)
+ {
+ free(psf);
+ }
+
  static prheader_t *
  Plstatus(struct ps_prochandle *P)
  {
  return (P->ops.pop_lstatus(P, P->data));
  }
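Review bot: On the version-mismatch path in Psecflags, the structure that pop_secflags() just stored in `*psf` is neither freed nor cleared before `return (-1)`. Each mismatch therefore leaks it, and the caller is left holding a pointer to a layout this library declined to interpret. Release it before setting errno: `free(*psf);` and `*psf = NULL;` ahead of `errno = EINVAL;`. The header comment should also state that the caller owns `*psf` only when 0 is returned and must release it with Psecflags_free(). The call through `P->ops.pop_secflags` assumes every ops vector supplies that member; only the live table is changed in this file, so any vector defined elsewhere should be confirmed to set it or be given a default.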