Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libscf/common/highlevel.c
          +++ new/usr/src/lib/libscf/common/highlevel.c
↓ open down ↓ 29 lines elided ↑ open up ↑
  30   30  
  31   31  #include "libscf_impl.h"
  32   32  
  33   33  #include <assert.h>
  34   34  #include <libuutil.h>
  35   35  #include <string.h>
  36   36  #include <stdlib.h>
  37   37  #include <sys/systeminfo.h>
  38   38  #include <sys/uadmin.h>
  39   39  #include <sys/utsname.h>
       40 +#include <sys/secflags.h>
  40   41  
  41   42  #ifdef  __x86
  42   43  #include <smbios.h>
  43   44  
  44   45  /*
  45   46   * Check whether the platform is on the fastreboot_blacklist.
  46   47   * Return 1 if the platform has been blacklisted, 0 otherwise.
  47   48   */
  48   49  static int
  49   50  scf_is_fb_blacklisted(void)
↓ open down ↓ 296 lines elided ↑ open up ↑
 346  347          scf_get_boot_config(&boot_config);
 347  348  
 348  349          /*
 349  350           * Get property values from non-persistent "config_ovr" property group
 350  351           */
 351  352          boot_config_ovr = boot_config;
 352  353          scf_get_boot_config_ovr(&boot_config_ovr);
 353  354  
 354  355          return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT);
 355  356  }
      357 +
      358 +/*
      359 + * Read the default security-flags from system/process-security and return a
      360 + * secflagset_t suitable for psecflags(2)
      361 + *
      362 + * Unfortunately, this symbol must _exist_ in the native build, for the sake
      363 + * of the mapfile, even though we don't ever use it, and it will never work.
      364 + */
      365 +struct group_desc {
      366 +        secflagset_t *set;
      367 +        char *fmri;
      368 +};
      369 +
      370 +int
      371 +scf_default_secflags(scf_handle_t *hndl, psecflags_t *flags)
      372 +{
      373 +#if !defined(NATIVE_BUILD)
      374 +        scf_property_t *prop;
      375 +        scf_value_t *val;
      376 +        const char *flagname;
      377 +        int flag;
      378 +        struct group_desc *g;
      379 +        struct group_desc groups[] = {
      380 +                {NULL, "svc:/system/process-security/"
      381 +                    ":properties/default"},
      382 +                {NULL, "svc:/system/process-security/"
      383 +                    ":properties/lower"},
      384 +                {NULL, "svc:/system/process-security/"
      385 +                    ":properties/upper"},
      386 +                {NULL, NULL}
      387 +        };
      388 +
      389 +        groups[0].set = &flags->psf_inherit;
      390 +        groups[1].set = &flags->psf_lower;
      391 +        groups[2].set = &flags->psf_upper;
      392 +
      393 +        /* Ensure sane defaults */
      394 +        psecflags_default(flags);
      395 +
      396 +        for (g = groups; g->set != NULL; g++) {
      397 +                for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
      398 +                    flag++) {
      399 +                        char *pfmri;
      400 +                        uint8_t flagval = 0;
      401 +
      402 +                        if ((val = scf_value_create(hndl)) == NULL)
      403 +                                return (-1);
      404 +
      405 +                        if ((prop = scf_property_create(hndl)) == NULL) {
      406 +                                scf_value_destroy(val);
      407 +                                return (-1);
      408 +                        }
      409 +
      410 +                        if ((pfmri = uu_msprintf("%s/%s", g->fmri,
      411 +                            flagname)) == NULL)
      412 +                                uu_die("Allocation failure\n");
      413 +
      414 +                        if (scf_handle_decode_fmri(hndl, pfmri,
      415 +                            NULL, NULL, NULL, NULL, prop, NULL) != 0)
      416 +                                goto next;
      417 +
      418 +                        if (scf_property_get_value(prop, val) != 0)
      419 +                                goto next;
      420 +
      421 +                        (void) scf_value_get_boolean(val, &flagval);
      422 +
      423 +                        if (flagval != 0)
      424 +                                secflag_set(g->set, flag);
      425 +                        else
      426 +                                secflag_clear(g->set, flag);
      427 +
      428 +next:
      429 +                        uu_free(pfmri);
      430 +                        scf_value_destroy(val);
      431 +                        scf_property_destroy(prop);
      432 +                }
      433 +        }
      434 +
      435 +        if (!psecflags_validate(flags))
      436 +                return (-1);
      437 +
      438 +        return (0);
      439 +#else
      440 +        assert(0);
      441 +        abort();
      442 +#endif /* !NATIVE_BUILD */
      443 +}
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX