Print this page
Code review comments from pmooney (sundry), and igork (screwups in zonecfg refactoring)
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/sysent.c
          +++ new/usr/src/uts/common/os/sysent.c
↓ open down ↓ 55 lines elided ↑ open up ↑
  56   56   * number of arguments expected, a switch that tells systrap()
  57   57   * in trap.c whether a setjmp() is not necessary, and a pointer
  58   58   * to the routine.
  59   59   */
  60   60  
  61   61  int     access(char *, int);
  62   62  int     alarm(int);
  63   63  int     auditsys(struct auditcalls *, rval_t *);
  64   64  int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
  65   65      uintptr_t);
  66      -int     brk(caddr_t);
       66 +intptr_t        brk(caddr_t);
  67   67  int     chdir(char *);
  68   68  int     chmod(char *, int);
  69   69  int     chown(char *, uid_t, gid_t);
  70   70  int     chroot(char *);
  71   71  int     cladm(int, int, void *);
  72   72  int     close(int);
  73   73  int     exece(const char *, const char **, const char **);
  74   74  int     faccessat(int, char *, int, int);
  75   75  int     fchmodat(int, char *, int, int);
  76   76  int     fchownat(int, char *, uid_t, gid_t, int);
↓ open down ↓ 28 lines elided ↑ open up ↑
 105  105  int     mount(long *, rval_t *);
 106  106  int     nice(int);
 107  107  int     nullsys();
 108  108  int     open(char *, int, int);
 109  109  int     openat(int, char *, int, int);
 110  110  int     pause();
 111  111  long    pcsample(void *, long);
 112  112  int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 113  113  int     profil(unsigned short *, size_t, ulong_t, uint_t);
 114  114  ssize_t pread(int, void *, size_t, off_t);
      115 +int     psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
 115  116  ssize_t pwrite(int, void *, size_t, off_t);
 116  117  ssize_t read(int, void *, size_t);
 117  118  int     rename(char *, char *);
 118  119  int     renameat(int, char *, int, char *);
 119  120  void    rexit(int);
 120  121  int     semsys();
 121  122  int     setgid(gid_t);
 122  123  int     setpgrp(int, int, int);
 123  124  int     setuid(uid_t);
 124  125  uintptr_t       shmsys();
↓ open down ↓ 307 lines elided ↑ open up ↑
 432  433  
 433  434  /*
 434  435   * Native sysent table.
 435  436   */
 436  437  struct sysent sysent[NSYSCALL] =
 437  438  {
 438  439          /*  0 */ IF_LP64(
 439  440                          SYSENT_NOSYS(),
 440  441                          SYSENT_C("indir",       indir,          1)),
 441  442          /*  1 */ SYSENT_CI("exit",              rexit,          1),
 442      -        /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
      443 +        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 443  444          /*  3 */ SYSENT_CL("read",              read,           3),
 444  445          /*  4 */ SYSENT_CL("write",             write,          3),
 445  446          /*  5 */ SYSENT_CI("open",              open,           3),
 446  447          /*  6 */ SYSENT_CI("close",             close,          1),
 447  448          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 448  449          /*  8 */ SYSENT_LOADABLE(),                     /* (was creat) */
 449  450          /*  9 */ SYSENT_CI("link",              link,           2),
 450  451          /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 451  452          /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 452  453          /* 12 */ SYSENT_CI("chdir",             chdir,          1),
↓ open down ↓ 360 lines elided ↑ open up ↑
 813  814  extern int ucredsys32(int, int, caddr32_t);
 814  815  
 815  816  /*
 816  817   * sysent table for ILP32 processes running on
 817  818   * a LP64 kernel.
 818  819   */
 819  820  struct sysent sysent32[NSYSCALL] =
 820  821  {
 821  822          /*  0 */ SYSENT_C("indir",              indir,          1),
 822  823          /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
 823      -        /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
      824 +        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
 824  825          /*  3 */ SYSENT_CI("read",              read32,         3),
 825  826          /*  4 */ SYSENT_CI("write",             write32,        3),
 826  827          /*  5 */ SYSENT_CI("open",              open32,         3),
 827  828          /*  6 */ SYSENT_CI("close",             close,          1),
 828  829          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
 829  830          /*  8 */ SYSENT_LOADABLE32(),                   /* (was creat32) */
 830  831          /*  9 */ SYSENT_CI("link",              link,           2),
 831  832          /* 10 */ SYSENT_CI("unlink",            unlink,         1),
 832  833          /* 11 */ SYSENT_CI("symlinkat",         symlinkat,      3),
 833  834          /* 12 */ SYSENT_CI("chdir",             chdir,          1),
↓ open down ↓ 373 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX