7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 75,84 ****
--- 75,85 ----
  #include <sys/vfs_opreg.h>
  #include <fs/sockfs/sockcommon.h>
  #include <netinet/in.h>
  #include <sys/ddi.h>
  #include <sys/port_impl.h>
+ #include <sys/secflags.h>
  static au_event_t aui_fchownat(au_event_t);
  static au_event_t aui_fchmodat(au_event_t);
  static au_event_t aui_open(au_event_t);
  static au_event_t aui_openat(au_event_t);
*** 100,109 ****
--- 101,111 ----
  static au_event_t aui_privsys(au_event_t);
  static au_event_t aui_forksys(au_event_t);
  static au_event_t aui_labelsys(au_event_t);
  static au_event_t aui_setpgrp(au_event_t);
+ static void aus_exit(struct t_audit_data *);
  static void aus_open(struct t_audit_data *);
  static void aus_openat(struct t_audit_data *);
  static void aus_acl(struct t_audit_data *);
  static void aus_acct(struct t_audit_data *);
*** 202,212 ****
  */
  aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
  auf_null, 0,
  aui_null, AUE_EXIT, aus_exit, /* 1 exit */
  auf_null, S2E_NPT,
! aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
  auf_null, 0,
  aui_null, AUE_READ, aus_null, /* 3 read */
  auf_read, S2E_PUB,
  aui_null, AUE_WRITE, aus_null, /* 4 write */
  auf_write, 0,
--- 204,214 ----
  */
  aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
  auf_null, 0,
  aui_null, AUE_EXIT, aus_exit, /* 1 exit */
  auf_null, S2E_NPT,
! aui_null, AUE_PSECFLAGS, aus_null, /* 2 psecflags */
  auf_null, 0,
  aui_null, AUE_READ, aus_null, /* 3 read */
  auf_read, S2E_PUB,
  aui_null, AUE_WRITE, aus_null, /* 4 write */
  auf_write, 0,
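Review bot: The new slot 2 row assigns AUE_PSECFLAGS but keeps `aus_null` and `auf_null` as its start and finish routines, so nothing in this row records which process was targeted or which security flags were requested. For a call that changes exploit-mitigation settings, that detail is what makes the audit record useful. If the tokens are written from the syscall implementation rather than from this table, say so on the row, for example `/* 2 psecflags (tokens written by the syscall itself) */`. If they are written nowhere, a dedicated start routine in the style of `aus_exit` would close the gap. The table continues outside this hunk, so the other rows were not checked.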
*** 741,750 **** --- 743,753 ---- rval = (uint32_t)uap->rval; au_uwrite(au_to_arg32(1, "exit status", rval)); } + /* acct start function */ /*ARGSUSED*/ static void aus_acct(struct t_audit_data *tad) {