Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libproc/common/proc_get_info.c
+++ new/usr/src/lib/libproc/common/proc_get_info.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
|
↓ open down ↓ |
24 lines elided |
↑ open up ↑ |
25 25 /*
26 26 * Copyright 2015, Joyent, Inc.
27 27 */
28 28
29 29 #include <stdio.h>
30 30 #include <stdlib.h>
31 31 #include <unistd.h>
32 32 #include <fcntl.h>
33 33 #include <string.h>
34 34 #include <limits.h>
35 +#include <sys/secflags.h>
35 36
36 37 #include "Pcontrol.h"
37 38
38 39 /*
39 40 * These several routines simply get the indicated /proc structures
40 41 * for a process identified by process ID. They are convenience
41 42 * functions for one-time operations. They do the mechanics of
42 43 * open() / read() / close() of the necessary /proc files so the
43 44 * caller's code can look relatively less cluttered.
44 45 */
45 46
46 47 /*
47 48 * 'ngroups' is the number of supplementary group entries allocated in
48 49 * the caller's cred structure. It should equal zero or one unless extra
49 50 * space has been allocated for the group list by the caller, like this:
50 51 * credp = malloc(sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t));
51 52 */
52 53 int
53 54 proc_get_cred(pid_t pid, prcred_t *credp, int ngroups)
54 55 {
55 56 char fname[PATH_MAX];
56 57 int fd;
57 58 int rv = -1;
58 59 ssize_t minsize = sizeof (*credp) - sizeof (gid_t);
59 60 size_t size = minsize + ngroups * sizeof (gid_t);
60 61
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
61 62 (void) snprintf(fname, sizeof (fname), "%s/%d/cred",
62 63 procfs_path, (int)pid);
63 64 if ((fd = open(fname, O_RDONLY)) >= 0) {
64 65 if (read(fd, credp, size) >= minsize)
65 66 rv = 0;
66 67 (void) close(fd);
67 68 }
68 69 return (rv);
69 70 }
70 71
72 +int
73 +proc_get_secflags(pid_t pid, prsecflags_t **psf)
74 +{
75 + char fname[PATH_MAX];
76 + int fd;
77 + int rv = -1;
78 +
79 + if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
80 + return (-1);
81 +
82 + (void) snprintf(fname, sizeof (fname), "%s/%d/secflags",
83 + procfs_path, (int)pid);
84 + if ((fd = open(fname, O_RDONLY)) >= 0) {
85 + if (read(fd, *psf, sizeof (prsecflags_t)) ==
86 + sizeof (prsecflags_t))
87 + rv = 0;
88 + (void) close(fd);
89 + }
90 + return (rv);
91 +}
92 +
71 93 void
72 94 proc_free_priv(prpriv_t *prv)
73 95 {
74 96 free(prv);
75 97 }
76 98
77 99 /*
78 100 * Malloc and return a properly sized structure.
79 101 */
80 102 prpriv_t *
81 103 proc_get_priv(pid_t pid)
82 104 {
83 105 char fname[PATH_MAX];
84 106 int fd;
85 107 struct stat statb;
86 108 prpriv_t *rv = NULL;
87 109
88 110 (void) snprintf(fname, sizeof (fname), "%s/%d/priv",
89 111 procfs_path, (int)pid);
90 112 if ((fd = open(fname, O_RDONLY)) >= 0) {
91 113 if (fstat(fd, &statb) != 0 ||
92 114 (rv = malloc(statb.st_size)) == NULL ||
93 115 read(fd, rv, statb.st_size) != statb.st_size) {
94 116 free(rv);
95 117 rv = NULL;
96 118 }
97 119 (void) close(fd);
98 120 }
99 121 return (rv);
100 122 }
101 123
102 124 #if defined(__i386) || defined(__amd64)
103 125 /*
104 126 * Fill in a pointer to a process LDT structure.
105 127 * The caller provides a buffer of size 'nldt * sizeof (struct ssd)';
106 128 * If pldt == NULL or nldt == 0, we return the number of existing LDT entries.
107 129 * Otherwise we return the actual number of LDT entries fetched (<= nldt).
108 130 */
109 131 int
110 132 proc_get_ldt(pid_t pid, struct ssd *pldt, int nldt)
111 133 {
112 134 char fname[PATH_MAX];
113 135 int fd;
114 136 struct stat statb;
115 137 size_t size;
116 138 ssize_t ssize;
117 139
118 140 (void) snprintf(fname, sizeof (fname), "%s/%d/ldt",
119 141 procfs_path, (int)pid);
120 142 if ((fd = open(fname, O_RDONLY)) < 0)
121 143 return (-1);
122 144
123 145 if (pldt == NULL || nldt == 0) {
124 146 nldt = 0;
125 147 if (fstat(fd, &statb) == 0)
126 148 nldt = statb.st_size / sizeof (struct ssd);
127 149 (void) close(fd);
128 150 return (nldt);
129 151 }
130 152
131 153 size = nldt * sizeof (struct ssd);
132 154 if ((ssize = read(fd, pldt, size)) < 0)
133 155 nldt = -1;
134 156 else
135 157 nldt = ssize / sizeof (struct ssd);
136 158
137 159 (void) close(fd);
138 160 return (nldt);
139 161 }
140 162 #endif /* __i386 || __amd64 */
141 163
142 164 int
143 165 proc_get_psinfo(pid_t pid, psinfo_t *psp)
144 166 {
145 167 char fname[PATH_MAX];
146 168 int fd;
147 169 int rv = -1;
148 170
149 171 (void) snprintf(fname, sizeof (fname), "%s/%d/psinfo",
150 172 procfs_path, (int)pid);
151 173 if ((fd = open(fname, O_RDONLY)) >= 0) {
152 174 if (read(fd, psp, sizeof (*psp)) == sizeof (*psp))
153 175 rv = 0;
154 176 (void) close(fd);
155 177 }
156 178 return (rv);
157 179 }
158 180
159 181 int
160 182 proc_get_status(pid_t pid, pstatus_t *psp)
161 183 {
162 184 char fname[PATH_MAX];
163 185 int fd;
164 186 int rv = -1;
165 187
166 188 (void) snprintf(fname, sizeof (fname), "%s/%d/status",
167 189 procfs_path, (int)pid);
168 190 if ((fd = open(fname, O_RDONLY)) >= 0) {
169 191 if (read(fd, psp, sizeof (*psp)) == sizeof (*psp))
170 192 rv = 0;
171 193 (void) close(fd);
172 194 }
173 195 return (rv);
174 196 }
175 197
176 198 /*
177 199 * Get the process's aux vector.
178 200 * 'naux' is the number of aux entries in the caller's buffer.
179 201 * We return the number of aux entries actually fetched from
180 202 * the process (less than or equal to 'naux') or -1 on failure.
181 203 */
182 204 int
183 205 proc_get_auxv(pid_t pid, auxv_t *pauxv, int naux)
184 206 {
185 207 char fname[PATH_MAX];
186 208 int fd;
187 209 int rv = -1;
188 210
189 211 (void) snprintf(fname, sizeof (fname), "%s/%d/auxv",
190 212 procfs_path, (int)pid);
191 213 if ((fd = open(fname, O_RDONLY)) >= 0) {
192 214 if ((rv = read(fd, pauxv, naux * sizeof (auxv_t))) >= 0)
193 215 rv /= sizeof (auxv_t);
194 216 (void) close(fd);
195 217 }
196 218 return (rv);
197 219 }
|
↓ open down ↓ |
117 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX