7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

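--- a/usr/src/uts/common/c2/audit_token.c
+++ b/usr/src/uts/common/c2/audit_token.c
@@ -1142,20 +1142,54 @@
         m = au_getclr();
         (void) au_append_buf(buf, sz, m);
         (void) au_append_rec(token, m, AU_PACK);
 
         if (!full)
                 kmem_free(buf, maxprivbytes);
 
         return (token);
 }
 
+token_t *
+au_to_secflags(const char *which, secflagset_t set)
+{
+        token_t *token, *m;
+        adr_t adr;
+        char data_header = AUT_SECFLAGS;
+        short sz;
+        char secstr[1024];
+
+        token = au_getclr();
+
+        adr_start(&adr, memtod(token, char *));
+        adr_char(&adr, &data_header, 1);
+
+        sz = strlen(which) + 1;
+        adr_short(&adr, &sz, 1);
+
+        token->len = (uchar_t)adr_count(&adr);
+        m = au_getclr();
+        (void) au_append_buf(which, sz, m);
+        (void) au_append_rec(token, m, AU_PACK);
+        adr.adr_now += sz;
+
+        secflags_to_str(set, secstr, sizeof (secstr));
+        sz = strlen(secstr) + 1;
+        adr_short(&adr, &sz, 1);
+        token->len = (uchar_t)adr_count(&adr);
+        m = au_getclr();
+        (void) au_append_buf(secstr, sz, m);
+        (void) au_append_rec(token, m, AU_PACK);
+
+        return (token);
+}
+
 /*
  * au_to_label
  * returns:
  *      pointer to au_membuf chain containing a label token.
  */
 token_t *
 au_to_label(bslabel_t *label)
 {
         token_t *m;                     /* local au_membuf */
         adr_t adr;                      /* adr memory stream header */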
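Review bot: In au_to_secflags, `adr.adr_now += sz` moves the write cursor forward by the length of the caller-supplied `which` string, and the next `adr_short(&adr, &sz, 1)` writes at that offset in the first token buffer; nothing in the hunk bounds `sz` against that buffer's size. This appears to rely on `au_append_rec(token, m, AU_PACK)` having packed the name into the same buffer, which presumably holds only for short names; with a longer `which` the second length field would land outside the space the first buffer owns, and `token->len = (uchar_t)adr_count(&adr)` would silently truncate. `sz` is also a `short` assigned from `strlen()`, so that narrowing is unchecked too. I would either check before the cursor advance that the name fits in the remaining space of the first buffer, or write the second length into its own buffer the way the string data is handled. The function also lacks a header comment like the one on au_to_label; it should state the token layout and that `which` must be a short fixed name.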