7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

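--- a/usr/src/uts/common/c2/audit_record.h
+++ b/usr/src/uts/common/c2/audit_record.h
@@ -114,20 +114,21 @@
         /* 0x37 unused */
 #define AUT_PRIV                ((char)0x38)
 #define AUT_UPRIV               ((char)0x39)
 #define AUT_LIAISON             ((char)0x3A)
 #define AUT_NEWGROUPS           ((char)0x3B)
 #define AUT_EXEC_ARGS           ((char)0x3C)
 #define AUT_EXEC_ENV            ((char)0x3D)
 #define AUT_ATTR32              ((char)0x3E)
 #define AUT_UAUTH               ((char)0x3F)
 #define AUT_ZONENAME            ((char)0x60)    /* out of order */
+#define AUT_SECFLAGS            ((char)0x62)    /* out of order */
 
 /*
  * X windows token types
  */
 
 #define AUT_XATOM               ((char)0x40)
 #define AUT_XOBJ                ((char)0x41)
 #define AUT_XPROTO              ((char)0x42)
 #define AUT_XSELECT             ((char)0x43)
 
@@ -291,20 +292,21 @@
 size_t  au_zonename_length(zone_t *);
 token_t *au_to_zonename(size_t, zone_t *);
 token_t *au_to_arg32(char, char *, uint32_t);
 token_t *au_to_arg64(char, char *, uint64_t);
 token_t *au_to_socket_ex(short, short, char *, char *);
 token_t *au_to_sock_inet(struct sockaddr_in *);
 token_t *au_to_exec_args(const char *, ssize_t);
 token_t *au_to_exec_env(const char *, ssize_t);
 token_t *au_to_label(bslabel_t *);
 token_t *au_to_privset(const char *, const priv_set_t *, char, int);
+token_t *au_to_secflags(const char *, secflagset_t);
 
 void    au_uwrite();
 void    au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
     timestruc_t *);
 void    au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);
 void    au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t,
             timestruc_t *);
 void    au_free_rec(au_buff_t *);
 void    au_write(caddr_t *, token_t *);
 void    au_mem_init(void);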
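Review bot: The new `AUT_SECFLAGS` define copies the `/* out of order */` comment from `AUT_ZONENAME` without recording why 0x62 was chosen. Most of this header is elided here, so the value should be checked against every other `AUT_*` token id before merge. A collision would make audit records ambiguous to any parser of the trail. A comment naming the allocation, for example `/* out of order; see AUT_ZONENAME for the 0x60 range */`, would make that check repeatable. The `au_to_secflags(const char *, secflagset_t)` prototype would also benefit from a one-line comment saying what the string argument identifies (presumably the name of the flag set, by analogy with `au_to_privset`, but that is not visible in this file) so that audit consumers know the token layout.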