Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -32,10 +32,11 @@
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/corectl.h>
+#include <procfs.h>
#include <msg.h>
#include <_elfdump.h>
#include <struct_layout.h>
#include <conv.h>
@@ -164,11 +165,11 @@
static Word
extract_as_word(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_word(state->ns_data, state->ns_swap, fdesc));
}
-static Word
+static Lword
extract_as_lword(note_state_t *state, const sl_field_t *fdesc)
{
return (sl_extract_as_lword(state->ns_data, state->ns_swap, fdesc));
}
static int
@@ -434,10 +435,11 @@
union {
Conv_cap_val_hw1_buf_t hw1;
Conv_cap_val_hw2_buf_t hw2;
Conv_cnote_auxv_af_buf_t auxv_af;
Conv_ehdr_flags_buf_t ehdr_flags;
+ Conv_secflags_buf_t secflags;
Conv_inv_buf_t inv;
} conv_buf;
sl_fmtbuf_t buf;
int ndx, ndx_start;
Word sizeof_auxv;
@@ -825,10 +827,50 @@
MSG_ORIG(MSG_CNOTE_T_TV_NSEC), tv_nsec);
indent_exit(state);
}
+/*
+ * Output information from prsecflags_t structure.
+ */
+static void
+dump_secflags(note_state_t *state, const char *title)
+{
+ const sl_prsecflags_layout_t *layout = state->ns_arch->prsecflags;
+ Conv_secflags_buf_t inv;
+ Lword lw;
+ Word w;
+
+ indent_enter(state, title, &layout->pr_version);
+
+ w = extract_as_word(state, &layout->pr_version);
+
+ if (w != PRSECFLAGS_VERSION_1) {
+ PRINT_DEC(MSG_INTL(MSG_NOTE_BAD_SECFLAGS_VER), pr_version);
+ dump_hex_bytes(state->ns_data, state->ns_len, state->ns_indent,
+ 4, 3);
+ } else {
+ PRINT_DEC(MSG_ORIG(MSG_CNOTE_T_PR_VERSION), pr_version);
+ lw = extract_as_lword(state, &layout->pr_effective);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_EFFECTIVE),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_inherit);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_INHERIT),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_lower);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_LOWER),
+ conv_prsecflags(lw, 0, &inv));
+
+ lw = extract_as_lword(state, &layout->pr_upper);
+ print_str(state, MSG_ORIG(MSG_CNOTE_T_PR_UPPER),
+ conv_prsecflags(lw, 0, &inv));
+ }
+
+ indent_exit(state);
+}
/*
* Output information from utsname structure.
*/
static void
@@ -1095,10 +1137,11 @@
* higher one for the pr_lwp sub-struct.
*/
state->ns_vcol += 5;
state->ns_t2col += 5;
state->ns_v2col += 5;
+
PRINT_SUBTYPE(MSG_ORIG(MSG_CNOTE_T_PR_LWP), pr_lwp, dump_lwpstatus);
state->ns_vcol -= 5;
state->ns_t2col -= 5;
state->ns_v2col -= 5;
@@ -1855,9 +1898,16 @@
state.ns_vcol = 25;
state.ns_t2col = 45;
state.ns_v2col = 58;
dump_psinfo(&state, MSG_ORIG(MSG_CNOTE_DESC_PSINFO_T));
return (CORENOTE_R_OK);
+
+ case NT_SECFLAGS:
+ state.ns_vcol = 23;
+ state.ns_t2col = 41;
+ state.ns_v2col = 54;
+ dump_secflags(&state, MSG_ORIG(MSG_CNOTE_DESC_PRSECFLAGS_T));
+ return (CORENOTE_R_OK);
}
return (CORENOTE_R_BADTYPE);
}