Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libproc/common/libproc.h
          +++ new/usr/src/lib/libproc/common/libproc.h
↓ open down ↓ 47 lines elided ↑ open up ↑
  48   48  #include <ucred.h>
  49   49  #include <rctl.h>
  50   50  #include <libctf.h>
  51   51  #include <sys/stat.h>
  52   52  #include <sys/statvfs.h>
  53   53  #include <sys/auxv.h>
  54   54  #include <sys/resource.h>
  55   55  #include <sys/socket.h>
  56   56  #include <sys/utsname.h>
  57   57  #include <sys/corectl.h>
       58 +#include <sys/secflags.h>
  58   59  #if defined(__i386) || defined(__amd64)
  59   60  #include <sys/sysi86.h>
  60   61  #endif
  61   62  
  62   63  #ifdef  __cplusplus
  63   64  extern "C" {
  64   65  #endif
  65   66  
  66   67  /*
  67   68   * Opaque structure tag reference to a process control structure.
↓ open down ↓ 117 lines elided ↑ open up ↑
 185  186      uintptr_t, void *);
 186  187  typedef ssize_t (*pop_pwrite_t)(struct ps_prochandle *, const void *, size_t,
 187  188      uintptr_t, void *);
 188  189  typedef int (*pop_read_maps_t)(struct ps_prochandle *, prmap_t **, ssize_t *,
 189  190      void *);
 190  191  typedef void (*pop_read_aux_t)(struct ps_prochandle *, auxv_t **, int *,
 191  192      void *);
 192  193  typedef int (*pop_cred_t)(struct ps_prochandle *, prcred_t *, int,
 193  194      void *);
 194  195  typedef int (*pop_priv_t)(struct ps_prochandle *, prpriv_t **, void *);
      196 +typedef int (*pop_secflags_t)(struct ps_prochandle *, prsecflags_t **, void *);
 195  197  typedef const psinfo_t *(*pop_psinfo_t)(struct ps_prochandle *, psinfo_t *,
 196  198      void *);
 197  199  typedef void (*pop_status_t)(struct ps_prochandle *, pstatus_t *, void *);
 198  200  typedef prheader_t *(*pop_lstatus_t)(struct ps_prochandle *, void *);
 199  201  typedef prheader_t *(*pop_lpsinfo_t)(struct ps_prochandle *, void *);
 200  202  typedef void (*pop_fini_t)(struct ps_prochandle *, void *);
 201  203  typedef char *(*pop_platform_t)(struct ps_prochandle *, char *, size_t, void *);
 202  204  typedef int (*pop_uname_t)(struct ps_prochandle *, struct utsname *, void *);
 203  205  typedef char *(*pop_zonename_t)(struct ps_prochandle *, char *, size_t, void *);
 204  206  typedef char *(*pop_execname_t)(struct ps_prochandle *, char *, size_t, void *);
↓ open down ↓ 10 lines elided ↑ open up ↑
 215  217          pop_priv_t              pop_priv;
 216  218          pop_psinfo_t            pop_psinfo;
 217  219          pop_status_t            pop_status;
 218  220          pop_lstatus_t           pop_lstatus;
 219  221          pop_lpsinfo_t           pop_lpsinfo;
 220  222          pop_fini_t              pop_fini;
 221  223          pop_platform_t          pop_platform;
 222  224          pop_uname_t             pop_uname;
 223  225          pop_zonename_t          pop_zonename;
 224  226          pop_execname_t          pop_execname;
      227 +        pop_secflags_t          pop_secflags;
 225  228  #if defined(__i386) || defined(__amd64)
 226  229          pop_ldt_t               pop_ldt;
 227  230  #endif
 228  231  } ps_ops_t;
 229  232  
 230  233  /*
 231  234   * Function prototypes for routines in the process control package.
 232  235   */
 233  236  extern struct ps_prochandle *Pcreate(const char *, char *const *,
 234  237      int *, char *, size_t);
↓ open down ↓ 28 lines elided ↑ open up ↑
 263  266  extern  int     Pcred(struct ps_prochandle *, prcred_t *, int);
 264  267  extern  int     Psetcred(struct ps_prochandle *, const prcred_t *);
 265  268  extern  int     Ppriv(struct ps_prochandle *, prpriv_t **);
 266  269  extern  void    Ppriv_free(struct ps_prochandle *, prpriv_t *);
 267  270  extern  int     Psetpriv(struct ps_prochandle *, prpriv_t *);
 268  271  extern  void   *Pprivinfo(struct ps_prochandle *);
 269  272  extern  int     Psetzoneid(struct ps_prochandle *, zoneid_t);
 270  273  extern  int     Pgetareg(struct ps_prochandle *, int, prgreg_t *);
 271  274  extern  int     Pputareg(struct ps_prochandle *, int, prgreg_t);
 272  275  extern  int     Psetrun(struct ps_prochandle *, int, int);
      276 +extern  int     Psecflags(struct ps_prochandle *, prsecflags_t **);
      277 +extern  void    Psecflags_free(prsecflags_t *);
 273  278  extern  ssize_t Pread(struct ps_prochandle *, void *, size_t, uintptr_t);
 274  279  extern  ssize_t Pread_string(struct ps_prochandle *, char *, size_t, uintptr_t);
 275  280  extern  ssize_t Pwrite(struct ps_prochandle *, const void *, size_t, uintptr_t);
 276  281  extern  int     Pclearsig(struct ps_prochandle *);
 277  282  extern  int     Pclearfault(struct ps_prochandle *);
 278  283  extern  int     Psetbkpt(struct ps_prochandle *, uintptr_t, ulong_t *);
 279  284  extern  int     Pdelbkpt(struct ps_prochandle *, uintptr_t, ulong_t);
 280  285  extern  int     Pxecbkpt(struct ps_prochandle *, ulong_t);
 281  286  extern  int     Psetwapt(struct ps_prochandle *, const prwatch_t *);
 282  287  extern  int     Pdelwapt(struct ps_prochandle *, const prwatch_t *);
↓ open down ↓ 406 lines elided ↑ open up ↑
 689  694  /*
 690  695   * Utility functions for obtaining information via /proc without actually
 691  696   * performing a Pcreate() or Pgrab():
 692  697   */
 693  698  extern int proc_get_auxv(pid_t, auxv_t *, int);
 694  699  extern int proc_get_cred(pid_t, prcred_t *, int);
 695  700  extern prpriv_t *proc_get_priv(pid_t);
 696  701  extern void proc_free_priv(prpriv_t *);
 697  702  extern int proc_get_psinfo(pid_t, psinfo_t *);
 698  703  extern int proc_get_status(pid_t, pstatus_t *);
      704 +extern int proc_get_secflags(pid_t, prsecflags_t **);
 699  705  
 700  706  /*
 701  707   * Utility functions for debugging tools to convert numeric fault,
 702  708   * signal, and system call numbers to symbolic names:
 703  709   */
 704  710  #define FLT2STR_MAX 32  /* max. string length of faults (like SIG2STR_MAX) */
 705  711  #define SYS2STR_MAX 32  /* max. string length of syscalls (like SIG2STR_MAX) */
 706  712  
 707  713  extern char *proc_fltname(int, char *, size_t);
 708  714  extern char *proc_signame(int, char *, size_t);
↓ open down ↓ 64 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX