7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 92,111 **** } mutex_exit(&fip->fi_lock); v[0].p_type = PT_NOTE; v[0].p_flags = PF_R; ! v[0].p_filesz = (sizeof (Note) * (9 + 2 * nlwp + nzomb + nfd)) + roundup(sizeof (psinfo_t), sizeof (Word)) + roundup(sizeof (pstatus_t), sizeof (Word)) + roundup(prgetprivsize(), sizeof (Word)) + roundup(priv_get_implinfo_size(), sizeof (Word)) + roundup(strlen(platform) + 1, sizeof (Word)) + roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word)) + roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word)) + roundup(sizeof (utsname), sizeof (Word)) + roundup(sizeof (core_content_t), sizeof (Word)) + (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word)) + nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word)) + nfd * roundup(sizeof (prfdinfo_t), sizeof (Word)); if (curproc->p_agenttp != NULL) { --- 92,112 ---- } mutex_exit(&fip->fi_lock); v[0].p_type = PT_NOTE; v[0].p_flags = PF_R; ! v[0].p_filesz = (sizeof (Note) * (10 + 2 * nlwp + nzomb + nfd)) + roundup(sizeof (psinfo_t), sizeof (Word)) + roundup(sizeof (pstatus_t), sizeof (Word)) + roundup(prgetprivsize(), sizeof (Word)) + roundup(priv_get_implinfo_size(), sizeof (Word)) + roundup(strlen(platform) + 1, sizeof (Word)) + roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word)) + roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word)) + roundup(sizeof (utsname), sizeof (Word)) + roundup(sizeof (core_content_t), sizeof (Word)) + + roundup(sizeof (prsecflags_t), sizeof (Word)) + (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word)) + nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word)) + nfd * roundup(sizeof (prfdinfo_t), sizeof (Word)); if (curproc->p_agenttp != NULL) {
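Review bot: The fixed note count in the `v[0].p_filesz` expression is a bare literal (now `10`), and nothing in the hunk ties it to the notes that are actually written, so it has to be kept by hand in step with the unconditional `elfnote()` calls made later in the core-writing path. If the count or the `roundup()` terms drift from what is written, the PT_NOTE program header misstates the segment size and core-file consumers will parse the notes incorrectly. A comment above the expression would make the coupling explicit, e.g. `/* 10 fixed notes; keep this count and the roundup() terms below in step with the elfnote() calls that write the note segment */`. The enclosing function starts and ends outside the hunk.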
*** 180,189 **** --- 181,191 ---- aux_entry_t auxv[__KERN_NAUXV_IMPL]; prcred_t pcred; prpriv_t ppriv; priv_impl_info_t prinfo; struct utsname uts; + prsecflags_t psecflags; } *bigwad; size_t xregsize = prhasx(p)? prgetprxregsize(p) : 0; size_t crsize = sizeof (prcred_t) + sizeof (gid_t) * (ngroups_max - 1); size_t psize = prgetprivsize();
*** 285,294 **** --- 287,302 ---- error = elfnote(vp, &offset, NT_UTSNAME, sizeof (struct utsname), (caddr_t)&bigwad->uts, rlimit, credp); if (error) goto done; + prgetsecflags(p, &bigwad->psecflags); + error = elfnote(vp, &offset, NT_SECFLAGS, sizeof (prsecflags_t), + (caddr_t)&bigwad->psecflags, rlimit, credp); + if (error) + goto done; + prgetcred(p, &bigwad->pcred); if (bigwad->pcred.pr_ngroups != 0) { crsize = sizeof (prcred_t) + sizeof (gid_t) * (bigwad->pcred.pr_ngroups - 1);
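Review bot: The new NT_SECFLAGS note writes `sizeof (prsecflags_t)` bytes from `bigwad->psecflags` to the core file immediately after `prgetsecflags()`, and nothing visible here shows that every byte of the structure is initialised. `bigwad` is scratch storage whose allocation is outside the hunk and which this function has already filled for earlier notes. If `prgetsecflags()` assigns only the named fields, any padding or reserved bytes would reach the core file carrying stale kernel memory. Unless `prgetsecflags()` is confirmed to clear the whole structure, add `bzero(&bigwad->psecflags, sizeof (prsecflags_t));` before the call.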