7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

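--- a/usr/src/uts/common/exec/elf/elf_notes.c
+++ b/usr/src/uts/common/exec/elf/elf_notes.c
@@ -87,30 +87,31 @@
         for (fd = 0; fd < fip->fi_nfiles; fd++) {
                 UF_ENTER(ufp, fip, fd);
                 if ((ufp->uf_file != NULL) && (ufp->uf_file->f_count > 0))
                         nfd++;
                 UF_EXIT(ufp);
         }
         mutex_exit(&fip->fi_lock);
 
         v[0].p_type = PT_NOTE;
         v[0].p_flags = PF_R;
-        v[0].p_filesz = (sizeof (Note) * (9 + 2 * nlwp + nzomb + nfd))
+        v[0].p_filesz = (sizeof (Note) * (10 + 2 * nlwp + nzomb + nfd))
             + roundup(sizeof (psinfo_t), sizeof (Word))
             + roundup(sizeof (pstatus_t), sizeof (Word))
             + roundup(prgetprivsize(), sizeof (Word))
             + roundup(priv_get_implinfo_size(), sizeof (Word))
             + roundup(strlen(platform) + 1, sizeof (Word))
             + roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word))
             + roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word))
             + roundup(sizeof (utsname), sizeof (Word))
             + roundup(sizeof (core_content_t), sizeof (Word))
+            + roundup(sizeof (prsecflags_t), sizeof (Word))
             + (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word))
             + nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word))
             + nfd * roundup(sizeof (prfdinfo_t), sizeof (Word));
 
         if (curproc->p_agenttp != NULL) {
                 v[0].p_filesz += sizeof (Note) +
                     roundup(sizeof (psinfo_t), sizeof (Word));
         }
 
         size = sizeof (prcred_t) + sizeof (gid_t) * (ngroups_max - 1);
@@ -175,20 +176,21 @@
 #if defined(__sparc)
                 gwindows_t      gwindows;
                 asrset_t        asrset;
 #endif /* __sparc */
                 char            xregs[1];
                 aux_entry_t     auxv[__KERN_NAUXV_IMPL];
                 prcred_t        pcred;
                 prpriv_t        ppriv;
                 priv_impl_info_t prinfo;
                 struct utsname  uts;
+                prsecflags_t    psecflags;
         } *bigwad;
 
         size_t xregsize = prhasx(p)? prgetprxregsize(p) : 0;
         size_t crsize = sizeof (prcred_t) + sizeof (gid_t) * (ngroups_max - 1);
         size_t psize = prgetprivsize();
         size_t bigsize = MAX(psize, MAX(sizeof (*bigwad),
             MAX(xregsize, crsize)));
 
         priv_impl_info_t *prii;
 
@@ -280,20 +282,26 @@
         bcopy(&utsname, &bigwad->uts, sizeof (struct utsname));
         if (!INGLOBALZONE(p)) {
                 bcopy(p->p_zone->zone_nodename, &bigwad->uts.nodename,
                     _SYS_NMLN);
         }
         error = elfnote(vp, &offset, NT_UTSNAME, sizeof (struct utsname),
             (caddr_t)&bigwad->uts, rlimit, credp);
         if (error)
                 goto done;
 
+        prgetsecflags(p, &bigwad->psecflags);
+        error = elfnote(vp, &offset, NT_SECFLAGS, sizeof (prsecflags_t),
+            (caddr_t)&bigwad->psecflags, rlimit, credp);
+        if (error)
+                goto done;
+
         prgetcred(p, &bigwad->pcred);
 
         if (bigwad->pcred.pr_ngroups != 0) {
                 crsize = sizeof (prcred_t) +
                     sizeof (gid_t) * (bigwad->pcred.pr_ngroups - 1);
         } else
                 crsize = sizeof (prcred_t);
 
         error = elfnote(vp, &offset, NT_PRCRED, crsize,
             (caddr_t)&bigwad->pcred, rlimit, credp);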
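Review bot: The new NT_SECFLAGS note at new lines 292-294 writes sizeof (prsecflags_t) bytes of bigwad->psecflags to the core file after only prgetsecflags() has touched that member, so any byte the helper leaves unset (padding or reserved fields) would carry leftover kernel memory into the dump. Neither prgetsecflags() nor bigwad's allocation is visible on this page, so this is something to confirm rather than a known leak. If the helper does not clear the structure itself, add `bzero(&bigwad->psecflags, sizeof (prsecflags_t));` before the call. The enclosing function starts and ends in the elided lines.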