7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

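--- a/usr/src/uts/common/sys/priv_impl.h
+++ b/usr/src/uts/common/sys/priv_impl.h
@@ -20,22 +20,20 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 #ifndef _SYS_PRIV_IMPL_H
 #define _SYS_PRIV_IMPL_H
 
-#pragma ident   "%Z%%M% %I%     %E% SMI"
-
 #include <sys/priv_const.h>
 #include <sys/priv.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 #if defined(_KERNEL) || defined(_KMEMUSER)
 /*
  * priv_set_t is a structure holding a set of privileges
@@ -89,36 +87,36 @@
 #ifndef NBBY
 #define NBBY            8
 #endif
 
 #define __NBWRD         (NBBY * sizeof (priv_chunk_t))
 
 #define privmask(n)     (1U << ((__NBWRD - 1) - ((n) % __NBWRD)))
 #define privword(n)     ((n)/__NBWRD)
 
 /*
- * PRIV_ASSERT(a, b) sets privilege "b" in privilege set "a".
- * PRIV_CLEAR(a,b) clears privilege "b" in privilege set "a".
- * PRIV_ISASSERT tests if privilege 'b' is asserted in privilege set 'a'.
+ * PRIV_ADDSET(a, b) sets privilege "b" in privilege set "a".
+ * PRIV_DELSET(a, b) clears privilege "b" in privilege set "a".
+ * PRIV_ISMEMBER(a, b) tests if privilege 'b' is asserted in privilege set 'a'.
  */
 
-#define __PRIV_ASSERT(a, b)     ((a)->pbits[privword(b)] |= privmask(b))
-#define __PRIV_CLEAR(a, b)      ((a)->pbits[privword(b)] &= ~privmask(b))
-#define __PRIV_ISASSERT(a, b)   ((a)->pbits[privword(b)] & privmask(b))
+#define __PRIV_ADDSET(a, b)     ((a)->pbits[privword(b)] |= privmask(b))
+#define __PRIV_DELSET(a, b)     ((a)->pbits[privword(b)] &= ~privmask(b))
+#define __PRIV_ISMEMBER(a, b)   ((a)->pbits[privword(b)] & privmask(b))
 
 #ifdef DEBUG
-#define PRIV_CLEAR(a, b)        priv_delset((a), (b))
-#define PRIV_ASSERT(a, b)       priv_addset((a), (b))
-#define PRIV_ISASSERT(a, b)     priv_ismember((a), (b))
+#define PRIV_DELSET(a, b)       priv_delset((a), (b))
+#define PRIV_ADDSET(a, b)       priv_addset((a), (b))
+#define PRIV_ISMEMBER(a, b)     priv_ismember((a), (b))
 #else
-#define PRIV_CLEAR(a, b)        __PRIV_CLEAR((a), (b))
-#define PRIV_ASSERT(a, b)       __PRIV_ASSERT((a), (b))
-#define PRIV_ISASSERT(a, b)     __PRIV_ISASSERT((a), (b))
+#define PRIV_DELSET(a, b)       __PRIV_DELSET((a), (b))
+#define PRIV_ADDSET(a, b)       __PRIV_ADDSET((a), (b))
+#define PRIV_ISMEMBER(a, b)     __PRIV_ISMEMBER((a), (b))
 #endif
 
 #endif /* _KERNEL */
 
 #ifdef  __cplusplus
 }
 #endif
 
 #endif  /* _SYS_PRIV_IMPL_H */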
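Review bot: The rewritten comment at new lines 97-99 does not say that the DEBUG and non-DEBUG expansions of the renamed macros behave differently. In non-DEBUG builds `__PRIV_ADDSET`, `__PRIV_DELSET` and `__PRIV_ISMEMBER` index `pbits[privword(b)]` with no visible range check on `b` and evaluate `b` twice, and `__PRIV_ISMEMBER` yields the masked bit rather than 0/1. The DEBUG forms call `priv_addset()`/`priv_delset()`/`priv_ismember()`, which presumably validate the privilege number, but those are not shown on this page. I would add to the comment a line such as `* The non-DEBUG forms do not range-check "b" and evaluate it twice; PRIV_ISMEMBER is nonzero (not 1) when set.` so callers keep unvalidated privilege numbers out of these macros and do not store the result in a narrow type. Separately, the closing `#endif /* _KERNEL */` does not match the `defined(_KERNEL) || defined(_KMEMUSER)` guard it closes.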
    