Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split
Expand all
Collapse all
          --- old/usr/src/uts/common/c2/audit.c
          +++ new/usr/src/uts/common/c2/audit.c
↓ open down ↓ 719 lines elided ↑ open up ↑
 720  720   *      process could attempt to use the file while we were still
 721  721   *      asleep waiting on the audit queue. This would cause the
 722  722   *      per file audit data to be corrupted when we finally do
 723  723   *      wakeup.
 724  724   * TODO:
 725  725   * QUESTION:
 726  726   */
 727  727  
 728  728  void
 729  729  audit_closef(struct file *fp)
 730      -{       /* AUDIT_CLOSEF */
      730 +{
 731  731          f_audit_data_t *fad;
 732  732          t_audit_data_t *tad;
 733  733          int success;
 734  734          au_state_t estate;
 735  735          struct vnode *vp;
 736  736          token_t *ad = NULL;
 737  737          struct vattr attr;
 738  738          au_emod_t evmod = 0;
 739  739          const auditinfo_addr_t *ainfo;
 740  740          cred_t *cr;
↓ open down ↓ 47 lines elided ↑ open up ↑
 788  788                          audit_attr = B_TRUE;
 789  789                  }
 790  790          }
 791  791  
 792  792          evmod = (au_emod_t)fad->fad_flags;
 793  793          if (fad->fad_aupath != NULL) {
 794  794                  au_write((caddr_t *)&(ad), au_to_path(fad->fad_aupath));
 795  795          } else {
 796  796  #ifdef _LP64
 797  797                  au_write((caddr_t *)&(ad), au_to_arg64(
 798      -                        1, "no path: fp", (uint64_t)fp));
      798 +                    1, "no path: fp", (uint64_t)fp));
 799  799  #else
 800  800                  au_write((caddr_t *)&(ad), au_to_arg32(
 801      -                        1, "no path: fp", (uint32_t)fp));
      801 +                    1, "no path: fp", (uint32_t)fp));
 802  802  #endif
 803  803          }
 804  804  
 805  805          if (audit_attr) {
 806  806                  au_write((caddr_t *)&(ad), au_to_attr(&attr));
 807  807                  audit_sec_attributes((caddr_t *)&(ad), vp);
 808  808          }
 809  809  
 810  810          /* Add subject information */
 811  811          AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo, kctx);
↓ open down ↓ 779 lines elided ↑ open up ↑
1591 1591  
1592 1592          if (sy_flags == SE_64RVAL)
1593 1593                  au_write(ad, au_to_return64(err, rval));
1594 1594          else
1595 1595                  au_write(ad, au_to_return32(err, rval));
1596 1596  
1597 1597  }
1598 1598  
1599 1599  /*ARGSUSED*/
1600 1600  void
1601      -audit_fdsend(fd, fp, error)
1602      -        int fd;
1603      -        struct file *fp;
1604      -        int error;              /* ignore for now */
     1601 +audit_fdsend(int fd, struct file *fp, int error)
1605 1602  {
1606 1603          t_audit_data_t *tad;    /* current thread */
1607 1604          f_audit_data_t *fad;    /* per file audit structure */
1608 1605          struct vnode *vp;       /* for file attributes */
1609 1606  
1610 1607          /* is this system call being audited */
1611 1608          tad = U2A(u);
1612 1609          ASSERT(tad != (t_audit_data_t *)0);
1613 1610          if (!tad->tad_flag)
1614 1611                  return;
↓ open down ↓ 51 lines elided ↑ open up ↑
1666 1663          } else {
1667 1664                  ASSERT(set != NULL || priv != PRIV_NONE);
1668 1665                  if (set != NULL)
1669 1666                          priv_union(set, target);
1670 1667                  if (priv != PRIV_NONE)
1671 1668                          priv_addset(target, priv);
1672 1669          }
1673 1670  }
1674 1671  
1675 1672  /*
     1673 + * Audit the psecflags() system call; the set name, current value, and delta
     1674 + * are put in the audit trail.
     1675 + */
     1676 +void
     1677 +audit_psecflags(proc_t *p,
     1678 +    psecflagwhich_t which,
     1679 +    const secflagdelta_t *psd)
     1680 +{
     1681 +        t_audit_data_t *tad;
     1682 +        secflagset_t new;
     1683 +        const secflagset_t *old;
     1684 +        const char *s;
     1685 +        cred_t *cr;
     1686 +        pid_t pid;
     1687 +        const auditinfo_addr_t  *ainfo;
     1688 +        const psecflags_t *psec = &p->p_secflags;
     1689 +
     1690 +        tad = U2A(u);
     1691 +
     1692 +        if (tad->tad_flag == 0)
     1693 +                return;
     1694 +
     1695 +        switch (which) {
     1696 +        case PSF_EFFECTIVE:
     1697 +                s = "effective";
     1698 +                old = &psec->psf_effective;
     1699 +                break;
     1700 +        case PSF_INHERIT:
     1701 +                s = "inherit";
     1702 +                old = &psec->psf_inherit;
     1703 +                break;
     1704 +        case PSF_LOWER:
     1705 +                s = "lower";
     1706 +                old = &psec->psf_lower;
     1707 +                break;
     1708 +        case PSF_UPPER:
     1709 +                s = "upper";
     1710 +                old = &psec->psf_upper;
     1711 +                break;
     1712 +        }
     1713 +
     1714 +        secflags_copy(&new, old);
     1715 +        secflags_apply_delta(&new, psd);
     1716 +
     1717 +        au_uwrite(au_to_secflags(s, *old));
     1718 +        au_uwrite(au_to_secflags(s, new));
     1719 +
     1720 +        ASSERT(mutex_owned(&p->p_lock));
     1721 +        mutex_enter(&p->p_crlock);
     1722 +
     1723 +        pid = p->p_pid;
     1724 +        crhold(cr = p->p_cred);
     1725 +        mutex_exit(&p->p_crlock);
     1726 +
     1727 +        if ((ainfo = crgetauinfo(cr)) == NULL) {
     1728 +                crfree(cr);
     1729 +                return;
     1730 +        }
     1731 +
     1732 +        AUDIT_SETPROC_GENERIC(&(u_ad), cr, ainfo, pid);
     1733 +
     1734 +        crfree(cr);
     1735 +}
     1736 +
     1737 +/*
1676 1738   * Audit the setpriv() system call; the operation, the set name and
1677 1739   * the current value as well as the set argument are put in the
1678 1740   * audit trail.
1679 1741   */
1680 1742  void
1681 1743  audit_setppriv(int op, int set, const priv_set_t *newpriv, const cred_t *ocr)
1682 1744  {
1683 1745          t_audit_data_t *tad;
1684 1746          const priv_set_t *oldpriv;
1685 1747          priv_set_t report;
↓ open down ↓ 56 lines elided ↑ open up ↑
1742 1804  
1743 1805                  au_uwrite(au_to_privset("read", &items[i].dps_rdp,
1744 1806                      AUT_PRIV, 0));
1745 1807                  au_uwrite(au_to_privset("write", &items[i].dps_wrp,
1746 1808                      AUT_PRIV, 0));
1747 1809          }
1748 1810  }
1749 1811  
1750 1812  /*ARGSUSED*/
1751 1813  void
1752      -audit_fdrecv(fd, fp)
1753      -        int fd;
1754      -        struct file *fp;
     1814 +audit_fdrecv(int fd, struct file *fp)
1755 1815  {
1756 1816          t_audit_data_t *tad;    /* current thread */
1757 1817          f_audit_data_t *fad;    /* per file audit structure */
1758 1818          struct vnode *vp;       /* for file attributes */
1759 1819  
1760 1820          /* is this system call being audited */
1761 1821          tad = U2A(u);
1762 1822          ASSERT(tad != (t_audit_data_t *)0);
1763 1823          if (!tad->tad_flag)
1764 1824                  return;
↓ open down ↓ 426 lines elided ↑ open up ↑