Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 1147,1156 **** --- 1147,1190 ---- kmem_free(buf, maxprivbytes); return (token); } + token_t * + au_to_secflags(const char *which, secflagset_t set) + { + token_t *token, *m; + adr_t adr; + char data_header = AUT_SECFLAGS; + short sz; + char secstr[1024]; + + token = au_getclr(); + + adr_start(&adr, memtod(token, char *)); + adr_char(&adr, &data_header, 1); + + sz = strlen(which) + 1; + adr_short(&adr, &sz, 1); + + token->len = (uchar_t)adr_count(&adr); + m = au_getclr(); + (void) au_append_buf(which, sz, m); + (void) au_append_rec(token, m, AU_PACK); + adr.adr_now += sz; + + secflags_to_str(set, secstr, sizeof (secstr)); + sz = strlen(secstr) + 1; + adr_short(&adr, &sz, 1); + token->len = (uchar_t)adr_count(&adr); + m = au_getclr(); + (void) au_append_buf(secstr, sz, m); + (void) au_append_rec(token, m, AU_PACK); + + return (token); + } + /* * au_to_label * returns: * pointer to au_membuf chain containing a label token. */