Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 65,74 ****
--- 65,75 ----
#include <sys/tspriocntl.h>
#include <sys/iapriocntl.h>
#include <sys/rtpriocntl.h>
#include <sys/fsspriocntl.h>
#include <sys/fxpriocntl.h>
+ #include <sys/proc.h>
#include <netdb.h>
#include <nss_dbdefs.h>
#include <sys/socketvar.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
*** 1598,1607 ****
--- 1599,1700 ----
}
prt_dec(pri, 0, PC_KY_NULL);
}
+
+ void
+ prt_psflags(private_t *pri, secflagset_t val)
+ {
+ char str[1024];
+
+ if (val == 0) {
+ outstring(pri, "0x0");
+ return;
+ }
+
+ *str = '\0';
+ if (secflag_isset(val, PROC_SEC_ASLR)) {
+ (void) strlcat(str, "|PROC_SEC_ASLR", sizeof (str));
+ secflag_clear(&val, PROC_SEC_ASLR);
+ }
+ if (secflag_isset(val, PROC_SEC_FORBIDNULLMAP)) {
+ (void) strlcat(str, "|PROC_SEC_FORBIDNULLMAP",
+ sizeof (str));
+ secflag_clear(&val, PROC_SEC_FORBIDNULLMAP);
+ }
+ if (secflag_isset(val, PROC_SEC_NOEXECSTACK)) {
+ (void) strlcat(str, "|PROC_SEC_NOEXECSTACK",
+ sizeof (str));
+ secflag_clear(&val, PROC_SEC_NOEXECSTACK);
+ }
+
+ if (val != 0)
+ (void) snprintf(str, sizeof (str), "%s|%#x", str, val);
+
+ outstring(pri, str + 1);
+ }
+
+ /*
+ * Print a psecflags(2) delta
+ */
+ void
+ prt_psdelta(private_t *pri, int raw, long value)
+ {
+ secflagdelta_t psd;
+
+ if ((raw != 0) ||
+ (Pread(Proc, &psd, sizeof (psd), value) != sizeof (psd))) {
+ prt_hex(pri, 0, value);
+ return;
+ }
+ outstring(pri, "{ ");
+ prt_psflags(pri, psd.psd_add);
+ outstring(pri, ", ");
+ prt_psflags(pri, psd.psd_rem);
+ outstring(pri, ", ");
+ prt_psflags(pri, psd.psd_assign);
+ outstring(pri, ", ");
+ outstring(pri, psd.psd_ass_active ? "B_TRUE" : "B_FALSE");
+ outstring(pri, " }");
+ }
+
+ /*
+ * Print a psecflagswhich_t
+ */
+ void
+ prt_psfw(private_t *pri, int raw, long value)
+ {
+ psecflagwhich_t which = (psecflagwhich_t)value;
+ char *s;
+
+ if (raw != 0) {
+ prt_dec(pri, 0, value);
+ return;
+ }
+
+ switch (which) {
+ case PSF_EFFECTIVE:
+ s = "PSF_EFFECTIVE";
+ break;
+ case PSF_INHERIT:
+ s = "PSF_INHERIT";
+ break;
+ case PSF_LOWER:
+ s = "PSF_LOWER";
+ break;
+ case PSF_UPPER:
+ s = "PSF_UPPER";
+ break;
+ }
+
+ if (s == NULL)
+ prt_dec(pri, 0, value);
+ else
+ outstring(pri, s);
+ }
+
/*
* Print processor set id, including logical expansion of "special" ids.
*/
void
prt_pst(private_t *pri, int raw, long val)
*** 2872,2878 ****
--- 2965,2973 ----
prt_snf, /* SNF -- print AT_SYMLINK_[NO]FOLLOW flag */
prt_skc, /* SKC -- print sockconfig() subcode */
prt_acf, /* ACF -- print accept4 flags */
prt_pfd, /* PFD -- print pipe fds */
prt_grf, /* GRF -- print getrandom flags */
+ prt_psdelta, /* PSDLT -- print psecflags(2) delta */
+ prt_psfw, /* PSFW -- print psecflags(2) set */
prt_dec, /* HID -- hidden argument, make this the last one */
};