7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -30,10 +30,11 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
 #include <limits.h>
+#include <sys/secflags.h>
 
 #include "Pcontrol.h"
 
 /*
  * These several routines simply get the indicated /proc structures

@@ -66,10 +67,31 @@
                 (void) close(fd);
         }
         return (rv);
 }
 
+int
+proc_get_secflags(pid_t pid, prsecflags_t **psf)
+{
+        char fname[PATH_MAX];
+        int fd;
+        int rv = -1;
+
+        if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
+                return (-1);
+
+        (void) snprintf(fname, sizeof (fname), "%s/%d/secflags",
+            procfs_path, (int)pid);
+        if ((fd = open(fname, O_RDONLY)) >= 0) {
+                if (read(fd, *psf, sizeof (prsecflags_t)) ==
+                    sizeof (prsecflags_t))
+                        rv = 0;
+                (void) close(fd);
+        }
+        return (rv);
+}
+
 void
 proc_free_priv(prpriv_t *prv)
 {
         free(prv);
 }
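Review bot: In proc_get_secflags, when open() fails or read() returns a short count, the function returns -1 but leaves the calloc'd buffer in `*psf`, so it leaks unless every caller frees on failure. A caller that ignores the return value would also see an all-zero prsecflags_t, which could be misread as "no mitigation flags set". Releasing the buffer before the final return, `if (rv != 0) { free(*psf); *psf = NULL; }`, makes the failure unambiguous. The function also lacks a comment on ownership; something like `/* On success *psf is heap-allocated and owned by the caller; returns 0, or -1 with *psf set to NULL. */` would help. No matching free routine for this type appears in the hunk, though one may exist elsewhere in the file.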