7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 585,594 **** --- 585,605 ---- ARRAY_FIELD(prfdinfo_t, pr_path, 0); END; } + static void + gen_prsecflags(void) + { + START(prsecflags, prsecflags_t); + SCALAR_FIELD(prsecflags_t, pr_version, 0); + SCALAR_FIELD(prsecflags_t, pr_effective, 0); + SCALAR_FIELD(prsecflags_t, pr_inherit, 0); + SCALAR_FIELD(prsecflags_t, pr_lower, 0); + SCALAR_FIELD(prsecflags_t, pr_upper, 0); + END; + } /*ARGSUSED*/ int main(int argc, char *argv[]) {
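Review bot: gen_prsecflags() has no header comment, and it emits pr_version as just another scalar without saying which version of prsecflags_t the five listed fields describe. Per the commit title these sets carry a process's exploit-mitigation state (ASLR, non-executable stack, forbidden NULL mappings), so whatever consumes this generated layout should presumably check pr_version before trusting pr_effective, pr_inherit, pr_lower and pr_upper. That check is not visible in this hunk and is worth confirming in the consumer. I would add a comment above the function such as `/* Layout of prsecflags_t; consumers must check pr_version before interpreting the flag sets. */`. The struct definition is outside this hunk, so if it has padding or reserved members, please confirm that omitting them from the table is intentional.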
*** 626,636 **** gen_stack(); gen_sysset(); gen_timestruc(); gen_utsname(); gen_prfdinfo(); ! /* * Generate the full arch_layout description */ (void) printf( --- 637,647 ---- gen_stack(); gen_sysset(); gen_timestruc(); gen_utsname(); gen_prfdinfo(); ! gen_prsecflags(); /* * Generate the full arch_layout description */ (void) printf(
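Review bot: Registering the new structure takes three hand-maintained edits that must agree on the name `prsecflags`: the `START(prsecflags, prsecflags_t)` in the generator, the `gen_prsecflags();` call added here, and the `(void) printf(fmt, "prsecflags");` entry in the following hunk. Nothing visible ties them together, so a missed or misspelled entry may go unnoticed until the generated table is used to decode security-flag data. A comment above the call list, e.g. `/* Keep in sync with the arch_layout member list printed below. */`, would make the coupling explicit. The changed line also appears to replace the blank line that separated the calls from the block comment; if so, keep a blank line after `gen_prsecflags();`. main() begins and ends outside this hunk.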
*** 654,663 **** --- 665,675 ---- (void) printf(fmt, "stack"); (void) printf(fmt, "sysset"); (void) printf(fmt, "timestruc"); (void) printf(fmt, "utsname"); (void) printf(fmt, "prfdinfo"); + (void) printf(fmt, "prsecflags"); (void) printf("};\n"); /* * A public function, to make the information available */