Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 346            apply: the effective privilege set of the attaching process must be
 347            a superset of the target process's effective, permitted, and
 348            inheritable sets; the limit set must be a superset of the target's
 349            limit set; if the target process has any UID set to 0 all privilege
 350            must be asserted unless the effective UID is 0. Allow a process to
 351            bind arbitrary processes to CPUs.
 352 
 353 
 354        PRIV_PROC_PRIOUP
 355 
 356            Allow a process to elevate its priority above its current level.
 357 
 358 
 359        PRIV_PROC_PRIOCNTL
 360 
 361            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362            its scheduling class to any scheduling class, including the RT
 363            class.
 364 
 365 
 366        PRIV_PROC_SESSION
 367 
 368            Allow a process to send signals or trace processes outside its
 369            session.
 370 
 371 
 372        PRIV_PROC_SETID
 373 
 374            Allow a process to set its UIDs at will, assuming UID 0 requires
 375            all privileges to be asserted.
 376 
 377 
 378        PRIV_PROC_TASKID
 379 
 380            Allow a process to assign a new task ID to the calling process.
 381 
 382 
 383        PRIV_PROC_ZONE
 384 
 385            Allow a process to trace or send signals to processes in other


 902        ntp_adjtime(2), open(2), p_online(2), priocntl(2), priocntlset(2),
 903        processor_bind(2), pset_bind(2), pset_create(2), readlink(2),
 904        resolvepath(2), rmdir(2), semctl(2), setauid(2), setegid(2),
 905        seteuid(2), setgid(2), setgroups(2), setpflags(2), setppriv(2),
 906        setrctl(2), setregid(2), setreuid(2), setrlimit(2), settaskid(2),
 907        setuid(2), shmctl(2), shmget(2), shmop(2), sigsend(2), stat(2),
 908        statvfs(2), stime(2), swapctl(2), sysinfo(2), uadmin(2), ulimit(2),
 909        umount(2), unlink(2), utime(2), utimes(2), bind(3SOCKET),
 910        door_ucred(3C), priv_addset(3C), priv_set(3C), priv_getbyname(3C),
 911        priv_getbynum(3C), priv_set_to_str(3C), priv_str_to_set(3C),
 912        socket(3SOCKET), t_bind(3NSL), timer_create(3C), ucred_get(3C),
 913        exec_attr(4), proc(4), system(4), user_attr(4), xVM(5), ddi_cred(9F),
 914        drv_priv(9F), priv_getbyname(9F), priv_policy(9F),
 915        priv_policy_choice(9F), priv_policy_only(9F)
 916 
 917 
 918        System Administration Guide: Security Services
 919 
 920 
 921 
 922                                  April 9, 2016                   PRIVILEGES(5)


 346            apply: the effective privilege set of the attaching process must be
 347            a superset of the target process's effective, permitted, and
 348            inheritable sets; the limit set must be a superset of the target's
 349            limit set; if the target process has any UID set to 0 all privilege
 350            must be asserted unless the effective UID is 0. Allow a process to
 351            bind arbitrary processes to CPUs.
 352 
 353 
 354        PRIV_PROC_PRIOUP
 355 
 356            Allow a process to elevate its priority above its current level.
 357 
 358 
 359        PRIV_PROC_PRIOCNTL
 360 
 361            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362            its scheduling class to any scheduling class, including the RT
 363            class.
 364 
 365 
 366        PRIV_PROC_SECFLAGS
 367 
 368            Allow a process to manipulate the secflags of processes (subject
 369            to, additionally, the ability to signal that process).
 370 
 371 
 372        PRIV_PROC_SESSION
 373 
 374            Allow a process to send signals or trace processes outside its
 375            session.
 376 
 377 
 378        PRIV_PROC_SETID
 379 
 380            Allow a process to set its UIDs at will, assuming UID 0 requires
 381            all privileges to be asserted.
 382 
 383 
 384        PRIV_PROC_TASKID
 385 
 386            Allow a process to assign a new task ID to the calling process.
 387 
 388 
 389        PRIV_PROC_ZONE
 390 
 391            Allow a process to trace or send signals to processes in other
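Review bot: the parenthetical in the new PRIV_PROC_SECFLAGS entry ("subject to, additionally, the ability to signal that process") is hard to parse and does not say which processes it covers; suggest "Allow a process to manipulate the secflags of other processes, provided it is also permitted to send signals to them." so that the privilege and the signal permission read as two conditions that must both hold. The SEE ALSO list is unchanged in this revision; if the interface used to read or set secflags has its own manual page, a cross-reference there would help readers find it.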


 908        ntp_adjtime(2), open(2), p_online(2), priocntl(2), priocntlset(2),
 909        processor_bind(2), pset_bind(2), pset_create(2), readlink(2),
 910        resolvepath(2), rmdir(2), semctl(2), setauid(2), setegid(2),
 911        seteuid(2), setgid(2), setgroups(2), setpflags(2), setppriv(2),
 912        setrctl(2), setregid(2), setreuid(2), setrlimit(2), settaskid(2),
 913        setuid(2), shmctl(2), shmget(2), shmop(2), sigsend(2), stat(2),
 914        statvfs(2), stime(2), swapctl(2), sysinfo(2), uadmin(2), ulimit(2),
 915        umount(2), unlink(2), utime(2), utimes(2), bind(3SOCKET),
 916        door_ucred(3C), priv_addset(3C), priv_set(3C), priv_getbyname(3C),
 917        priv_getbynum(3C), priv_set_to_str(3C), priv_str_to_set(3C),
 918        socket(3SOCKET), t_bind(3NSL), timer_create(3C), ucred_get(3C),
 919        exec_attr(4), proc(4), system(4), user_attr(4), xVM(5), ddi_cred(9F),
 920        drv_priv(9F), priv_getbyname(9F), priv_policy(9F),
 921        priv_policy_choice(9F), priv_policy_only(9F)
 922 
 923 
 924        System Administration Guide: Security Services
 925 
 926 
 927 
 928                                  June 6, 2016                    PRIVILEGES(5)