Print this page
Code review comments from pmooney (sundry), and igork (screwups in zonecfg refactoring)
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 61,71 ****
int access(char *, int);
int alarm(int);
int auditsys(struct auditcalls *, rval_t *);
int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
uintptr_t);
! int brk(caddr_t);
int chdir(char *);
int chmod(char *, int);
int chown(char *, uid_t, gid_t);
int chroot(char *);
int cladm(int, int, void *);
--- 61,71 ----
int access(char *, int);
int alarm(int);
int auditsys(struct auditcalls *, rval_t *);
int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
uintptr_t);
! intptr_t brk(caddr_t);
int chdir(char *);
int chmod(char *, int);
int chown(char *, uid_t, gid_t);
int chroot(char *);
int cladm(int, int, void *);
*** 110,119 ****
--- 110,120 ----
int pause();
long pcsample(void *, long);
int privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
int profil(unsigned short *, size_t, ulong_t, uint_t);
ssize_t pread(int, void *, size_t, off_t);
+ int psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
ssize_t pwrite(int, void *, size_t, off_t);
ssize_t read(int, void *, size_t);
int rename(char *, char *);
int renameat(int, char *, int, char *);
void rexit(int);
*** 437,447 ****
{
/* 0 */ IF_LP64(
SYSENT_NOSYS(),
SYSENT_C("indir", indir, 1)),
/* 1 */ SYSENT_CI("exit", rexit, 1),
! /* 2 */ SYSENT_LOADABLE(), /* (was forkall) */
/* 3 */ SYSENT_CL("read", read, 3),
/* 4 */ SYSENT_CL("write", write, 3),
/* 5 */ SYSENT_CI("open", open, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),
--- 438,448 ----
{
/* 0 */ IF_LP64(
SYSENT_NOSYS(),
SYSENT_C("indir", indir, 1)),
/* 1 */ SYSENT_CI("exit", rexit, 1),
! /* 2 */ SYSENT_CI("psecflags", psecflags, 3),
/* 3 */ SYSENT_CL("read", read, 3),
/* 4 */ SYSENT_CL("write", write, 3),
/* 5 */ SYSENT_CI("open", open, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),
*** 818,828 ****
*/
struct sysent sysent32[NSYSCALL] =
{
/* 0 */ SYSENT_C("indir", indir, 1),
/* 1 */ SYSENT_CI("exit", (int (*)())rexit, 1),
! /* 2 */ SYSENT_LOADABLE32(), /* (was forkall) */
/* 3 */ SYSENT_CI("read", read32, 3),
/* 4 */ SYSENT_CI("write", write32, 3),
/* 5 */ SYSENT_CI("open", open32, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),
--- 819,829 ----
*/
struct sysent sysent32[NSYSCALL] =
{
/* 0 */ SYSENT_C("indir", indir, 1),
/* 1 */ SYSENT_CI("exit", (int (*)())rexit, 1),
! /* 2 */ SYSENT_CI("psecflags", psecflags, 3),
/* 3 */ SYSENT_CI("read", read32, 3),
/* 4 */ SYSENT_CI("write", write32, 3),
/* 5 */ SYSENT_CI("open", open32, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),