7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -160,12 +160,14 @@
                 "priv" },
         { PR_PATHDIR,   25 * sizeof (prdirent_t), sizeof (prdirent_t),
                 "path" },
         { PR_CTDIR,     26 * sizeof (prdirent_t), sizeof (prdirent_t),
                 "contracts" },
+        { PR_SECFLAGS,  27 * sizeof (prdirent_t), sizeof (prdirent_t),
+                "secflags" },
 #if defined(__x86)
-        { PR_LDT,       27 * sizeof (prdirent_t), sizeof (prdirent_t),
+        { PR_LDT,       28 * sizeof (prdirent_t), sizeof (prdirent_t),
                 "ldt" },
 #endif
 };
 
 #define NPIDDIRFILES    (sizeof (piddir) / sizeof (piddir[0]) - 2)

@@ -583,11 +585,11 @@
         pr_read_ldt(),
 #endif
         pr_read_usage(), pr_read_lusage(), pr_read_pagedata(),
         pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(),
         pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(),
-        pr_read_spymaster(),
+        pr_read_spymaster(), pr_read_secflags(),
 #if defined(__sparc)
         pr_read_gwindows(), pr_read_asrs(),
 #endif
         pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata();
 

@@ -637,10 +639,11 @@
         pr_read_priv,           /* /proc/<pid>/priv                     */
         pr_read_inval,          /* /proc/<pid>/path                     */
         pr_read_inval,          /* /proc/<pid>/path/xxx                 */
         pr_read_inval,          /* /proc/<pid>/contracts                */
         pr_read_inval,          /* /proc/<pid>/contracts/<ctid>         */
+        pr_read_secflags,       /* /proc/<pid>/secflags                 */
         pr_read_pidfile,        /* old process file                     */
         pr_read_pidfile,        /* old lwp file                         */
         pr_read_opagedata,      /* old pagedata file                    */
 };
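Review bot: The new `pr_read_secflags` slot is placed by position, so it must sit at exactly the index the node-type enumeration gives PR_SECFLAGS. That enumeration is changed in a header that is not part of this page, so the match cannot be confirmed from here. The same positional insert is repeated in the 32-bit read table (hunk at -1794) and in the lookup and readdir tables (hunks at -3334 and -4683), and a slip in any one of them would route a /proc node to the wrong handler without a compile error. I would add a comment above each table such as `/* Entries are indexed by prnodetype_t; keep in step with the enum and the other per-type tables. */`, and consider a compile-time check of each array's length against the enum's count. The table's opening line is outside this hunk.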
 

@@ -1599,10 +1602,29 @@
         prunlock(pnp);
 
         return (pr_uioread(&psinfo, sizeof (psinfo), uiop));
 }
 
+static int
+pr_read_secflags(prnode_t *pnp, uio_t *uiop)
+{
+        prsecflags_t ret;
+        int error;
+        proc_t *p;
+
+        ASSERT(pnp->pr_type == PR_SECFLAGS);
+
+        if ((error = prlock(pnp, ZNO)) != 0)
+                return (error);
+
+        p = pnp->pr_common->prc_proc;
+        prgetsecflags(p, &ret);
+        prunlock(pnp);
+
+        return (pr_uioread(&ret, sizeof (ret), uiop));
+}
+
 #if defined(__sparc)
 
 static int
 pr_read_gwindows(prnode_t *pnp, uio_t *uiop)
 {
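Review bot: `ret` is an uninitialized stack structure that `pr_uioread` copies out to the caller in full. Any byte `prgetsecflags()` leaves unwritten (padding or reserved members) would therefore disclose kernel stack contents through /proc/<pid>/secflags. Neither `prgetsecflags()` nor the layout of `prsecflags_t` is visible in this hunk, so this may already be handled there. If it is not, zero the buffer first with `bzero(&ret, sizeof (ret));` ahead of the `prlock()` call. Either way, a block comment above the function should say that it returns the process's security flags as one `prsecflags_t` and which side is responsible for zero-filling it.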

@@ -1794,10 +1816,11 @@
         pr_read_priv,           /* /proc/<pid>/priv                     */
         pr_read_inval,          /* /proc/<pid>/path                     */
         pr_read_inval,          /* /proc/<pid>/path/xxx                 */
         pr_read_inval,          /* /proc/<pid>/contracts                */
         pr_read_inval,          /* /proc/<pid>/contracts/<ctid>         */
+        pr_read_secflags,       /* /proc/<pid>/secflags                 */
         pr_read_pidfile,        /* old process file                     */
         pr_read_pidfile,        /* old lwp file                         */
         pr_read_opagedata_32,   /* old pagedata file                    */
 };
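Review bot: The 32-bit dispatch table reuses the native `pr_read_secflags` rather than a `_32` variant like `pr_read_opagedata_32` three entries below. That is only correct if `prsecflags_t` has the same size and member offsets for ILP32 and LP64 consumers, and the structure definition is not on this page, so that is an assumption here. The PR_SECFLAGS case in the getattr hunk (at -3037) likewise reports `sizeof (prsecflags_t)` unconditionally rather than through `PR_OBJSIZE`. I would record the invariant next to the entry, for example `/* prsecflags_t is data-model invariant, no _32 reader needed */`.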
 

@@ -3037,10 +3060,13 @@
                 mutex_exit(&p->p_crlock);
                 break;
         case PR_PRIV:
                 vap->va_size = prgetprivsize();
                 break;
+        case PR_SECFLAGS:
+                vap->va_size = sizeof (prsecflags_t);
+                break;
         case PR_SIGACT:
                 nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
                 vap->va_size = (nsig-1) *
                     PR_OBJSIZE(struct sigaction32, struct sigaction);
                 break;

@@ -3334,10 +3360,11 @@
         pr_lookup_notdir,       /* /proc/<pid>/priv                     */
         pr_lookup_pathdir,      /* /proc/<pid>/path                     */
         pr_lookup_notdir,       /* /proc/<pid>/path/xxx                 */
         pr_lookup_ctdir,        /* /proc/<pid>/contracts                */
         pr_lookup_notdir,       /* /proc/<pid>/contracts/<ctid>         */
+        pr_lookup_notdir,       /* /proc/<pid>/secflags                 */
         pr_lookup_notdir,       /* old process file                     */
         pr_lookup_notdir,       /* old lwp file                         */
         pr_lookup_notdir,       /* old pagedata file                    */
 };
 

@@ -4683,10 +4710,11 @@
         pr_readdir_notdir,      /* /proc/<pid>/priv                     */
         pr_readdir_pathdir,     /* /proc/<pid>/path                     */
         pr_readdir_notdir,      /* /proc/<pid>/path/xxx                 */
         pr_readdir_ctdir,       /* /proc/<pid>/contracts                */
         pr_readdir_notdir,      /* /proc/<pid>/contracts/<ctid>         */
+        pr_readdir_notdir,      /* /proc/<pid>/secflags                 */
         pr_readdir_notdir,      /* old process file                     */
         pr_readdir_notdir,      /* old lwp file                         */
         pr_readdir_notdir,      /* old pagedata file                    */
 };