Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -62,10 +62,11 @@
 #include <sys/pset.h>
 #include <sys/procfs_isa.h>
 #include <sys/priv.h>
 #include <sys/stat.h>
 #include <sys/param.h>
+#include <sys/secflags.h>
 
 /*
  * System call interfaces for /proc.
  */
 

@@ -396,10 +397,21 @@
         uint32_t        pr_setsize;             /* size of privilege set */
         uint32_t        pr_infosize;            /* size of supplementary data */
         priv_chunk_t    pr_sets[1];             /* array of sets */
 } prpriv_t;
 
+#define PRSECFLAGS_VERSION_1            1
+#define PRSECFLAGS_VERSION_CURRENT      PRSECFLAGS_VERSION_1
+typedef struct prsecflags {
+        uint32_t pr_version;
+        char pr_pad[4];
+        secflagset_t pr_effective;
+        secflagset_t pr_inherit;
+        secflagset_t pr_lower;
+        secflagset_t pr_upper;
+} prsecflags_t;
+
 /*
  * Watchpoint interface.  PCWATCH and /proc/<pid>/watch
  */
 typedef struct prwatch {
         uintptr_t pr_vaddr;     /* virtual address of watched area */
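Review bot: The new `prsecflags_t` carries no per-field comments, unlike `prpriv_t` above it and `prwatch` below it, and nothing records the contract for the explicit `char pr_pad[4]`. The structure is presumably copied out to userland through /proc (the code that fills it is not in this hunk), so the producer should zero the whole structure before populating it, otherwise the pad bytes can disclose stale kernel memory. I would annotate the fields accordingly, e.g. `uint32_t pr_version; /* PRSECFLAGS_VERSION_* */` and `char pr_pad[4]; /* reserved, must be zero */`, and give the four `secflagset_t` members one-line descriptions. A short block comment above the typedef should also say that consumers must check `pr_version` against `PRSECFLAGS_VERSION_CURRENT` before interpreting the sets, so a future layout change fails closed instead of being misread.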