il_7029-3 Cdiff usr/src/man/man4/proc.4

Print this page

Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


*** 838,847 ****
--- 838,864 ----
  
  
         The full size of the structure can be computed using
         PRIV_PRPRIV_SIZE(prpriv_t *).
  
+    secflags
+        This file contains the security-flags of the process.  It contains a
+        description of the security flags associated with the process.
+ 
+          typedef struct prsecflags {
+               uint32_t pr_version;          /* ABI Versioning of this structure */
+               secflagset_t pr_effective;    /* Effective flags */
+               secflagset_t pr_inherit; /* Inheritable flags */
+               secflagset_t pr_lower;        /* Lower flags */
+               secflagset_t pr_upper;        /* Upper flags */
+          } prsecflags_t;
+ 
+ 
+ 
+        The pr_version field is a version number for the structure, currently
+        PRSECFLAGS_VERSION_1.
+ 
     sigact
         Contains an array of sigaction structures describing the current
         dispositions of all signals associated with the traced process (see
         sigaction(2)). Signal numbers are displaced by 1 from array indices, so
         that the action for signal number n appears in position n-1 of the
*** 2185,2195 ****
         readlink(2), readv(2), shmget(2), sigaction(2), sigaltstack(2),
         vfork(2), write(2), writev(2), _stack_grow(3C), readdir(3C),
         pthread_create(3C), pthread_join(3C), siginfo.h(3HEAD),
         signal.h(3HEAD), thr_create(3C), thr_join(3C), types32.h(3HEAD),
         ucontext.h(3HEAD), wait(3C), contract(4), core(4), process(4),
!        lfcompile(5), privileges(5)
  
  DIAGNOSTICS
         Errors that can occur in addition to the errors normally associated
         with file system access:
  
--- 2202,2212 ----
         readlink(2), readv(2), shmget(2), sigaction(2), sigaltstack(2),
         vfork(2), write(2), writev(2), _stack_grow(3C), readdir(3C),
         pthread_create(3C), pthread_join(3C), siginfo.h(3HEAD),
         signal.h(3HEAD), thr_create(3C), thr_join(3C), types32.h(3HEAD),
         ucontext.h(3HEAD), wait(3C), contract(4), core(4), process(4),
!        lfcompile(5), privileges(5), security-flags(5)
  
  DIAGNOSTICS
         Errors that can occur in addition to the errors normally associated
         with file system access:
  
*** 2318,2323 ****
         <sys/regset.h> are similar to but not the same as the types prgregset_t
         and prfpregset_t defined in <procfs.h>.
  
  
  
!                                 March 31, 2013                         PROC(4)
--- 2335,2340 ----
         <sys/regset.h> are similar to but not the same as the types prgregset_t
         and prfpregset_t defined in <procfs.h>.
  
  
  
!                                  June 6, 2016                          PROC(4)