Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libproc/common/proc_get_info.c
          +++ new/usr/src/lib/libproc/common/proc_get_info.c
↓ open down ↓ 24 lines elided ↑ open up ↑
  25   25  /*
  26   26   * Copyright 2015, Joyent, Inc.
  27   27   */
  28   28  
  29   29  #include <stdio.h>
  30   30  #include <stdlib.h>
  31   31  #include <unistd.h>
  32   32  #include <fcntl.h>
  33   33  #include <string.h>
  34   34  #include <limits.h>
       35 +#include <sys/secflags.h>
  35   36  
  36   37  #include "Pcontrol.h"
  37   38  
  38   39  /*
  39   40   * These several routines simply get the indicated /proc structures
  40   41   * for a process identified by process ID.  They are convenience
  41   42   * functions for one-time operations.  They do the mechanics of
  42   43   * open() / read() / close() of the necessary /proc files so the
  43   44   * caller's code can look relatively less cluttered.
  44   45   */
↓ open down ↓ 16 lines elided ↑ open up ↑
  61   62          (void) snprintf(fname, sizeof (fname), "%s/%d/cred",
  62   63              procfs_path, (int)pid);
  63   64          if ((fd = open(fname, O_RDONLY)) >= 0) {
  64   65                  if (read(fd, credp, size) >= minsize)
  65   66                          rv = 0;
  66   67                  (void) close(fd);
  67   68          }
  68   69          return (rv);
  69   70  }
  70   71  
       72 +int
       73 +proc_get_secflags(pid_t pid, prsecflags_t **psf)
       74 +{
       75 +        char fname[PATH_MAX];
       76 +        int fd;
       77 +        int rv = -1;
       78 +
       79 +        if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
       80 +                return (-1);
       81 +
       82 +        (void) snprintf(fname, sizeof (fname), "%s/%d/secflags",
       83 +            procfs_path, (int)pid);
       84 +        if ((fd = open(fname, O_RDONLY)) >= 0) {
       85 +                if (read(fd, *psf, sizeof (prsecflags_t)) ==
       86 +                    sizeof (prsecflags_t))
       87 +                        rv = 0;
       88 +                (void) close(fd);
       89 +        }
       90 +        return (rv);
       91 +}
       92 +
  71   93  void
  72   94  proc_free_priv(prpriv_t *prv)
  73   95  {
  74   96          free(prv);
  75   97  }
  76   98  
  77   99  /*
  78  100   * Malloc and return a properly sized structure.
  79  101   */
  80  102  prpriv_t *
↓ open down ↓ 117 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX