7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -75,10 +75,11 @@
 #include <sys/vfs_opreg.h>
 #include <fs/sockfs/sockcommon.h>
 #include <netinet/in.h>
 #include <sys/ddi.h>
 #include <sys/port_impl.h>
+#include <sys/secflags.h>
 
 static au_event_t       aui_fchownat(au_event_t);
 static au_event_t       aui_fchmodat(au_event_t);
 static au_event_t       aui_open(au_event_t);
 static au_event_t       aui_openat(au_event_t);

@@ -100,10 +101,11 @@
 static au_event_t       aui_privsys(au_event_t);
 static au_event_t       aui_forksys(au_event_t);
 static au_event_t       aui_labelsys(au_event_t);
 static au_event_t       aui_setpgrp(au_event_t);
 
+
 static void     aus_exit(struct t_audit_data *);
 static void     aus_open(struct t_audit_data *);
 static void     aus_openat(struct t_audit_data *);
 static void     aus_acl(struct t_audit_data *);
 static void     aus_acct(struct t_audit_data *);

@@ -202,11 +204,11 @@
  */
 aui_null,       AUE_NULL,       aus_null,       /* 0 unused (indirect) */
                 auf_null,       0,
 aui_null,       AUE_EXIT,       aus_exit,       /* 1 exit */
                 auf_null,       S2E_NPT,
-aui_null,       AUE_NULL,       aus_null,       /* 2 (loadable) was forkall */
+aui_null,       AUE_PSECFLAGS,  aus_null,       /* 2 psecflags */
                 auf_null,       0,
 aui_null,       AUE_READ,       aus_null,       /* 3 read */
                 auf_read,       S2E_PUB,
 aui_null,       AUE_WRITE,      aus_null,       /* 4 write */
                 auf_write,      0,
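Review bot: The new slot 2 entry pairs AUE_PSECFLAGS with `aus_null` and `auf_null`, so as far as this table shows the audit record carries no arguments: not the target process, not which flag set was changed, and not the requested delta. For a call that can switch exploit mitigations on or off, those are the fields someone reading the audit trail needs in order to tell a hardening change from a weakening one. Unless the syscall implementation writes its own tokens elsewhere in this change (not visible here), consider a dedicated start routine following the file's `aus_*` convention, e.g. a proposed `aus_psecflags`, that records the arguments with `au_uwrite(au_to_arg32(...))` as `aus_exit` does. If the tokens are emitted from the syscall itself, a short comment on the entry such as `/* 2 psecflags (tokens written by the syscall) */` would save the next reader the search. The table initializer begins and ends outside this hunk.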

@@ -741,10 +743,11 @@
 
         rval = (uint32_t)uap->rval;
         au_uwrite(au_to_arg32(1, "exit status", rval));
 }
 
+
 /* acct start function */
 /*ARGSUSED*/
 static void
 aus_acct(struct t_audit_data *tad)
 {