Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 87,98 **** #else int alloc_test_priv = priv_debug; #endif rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL); ! PRIV_BASIC_ASSERT(priv_basic); ! PRIV_UNSAFE_ASSERT(&priv_unsafe); priv_fillset(&priv_fullset); /* * When booting with priv_debug set or in a DEBUG kernel, then we'll * add an additional basic privilege and we verify that it is always --- 87,98 ---- #else int alloc_test_priv = priv_debug; #endif rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL); ! PRIV_BASIC_ADDSET(priv_basic); ! PRIV_UNSAFE_ADDSET(&priv_unsafe); priv_fillset(&priv_fullset); /* * When booting with priv_debug set or in a DEBUG kernel, then we'll * add an additional basic privilege and we verify that it is always
*** 478,502 **** void priv_addset(priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! __PRIV_ASSERT(set, priv); } void priv_delset(priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! __PRIV_CLEAR(set, priv); } boolean_t priv_ismember(const priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! return (__PRIV_ISASSERT(set, priv) ? B_TRUE : B_FALSE); } #define PRIV_TEST_BODY(test) \ int i; \ \ --- 478,502 ---- void priv_addset(priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! __PRIV_ADDSET(set, priv); } void priv_delset(priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! __PRIV_DELSET(set, priv); } boolean_t priv_ismember(const priv_set_t *set, int priv) { ASSERT(priv >= 0 && priv < MAX_PRIVILEGE); ! return (__PRIV_ISMEMBER(set, priv) ? B_TRUE : B_FALSE); } #define PRIV_TEST_BODY(test) \ int i; \ \