Code review comments from pmooney (sundry), and igork (screwups in zonecfg refactoring)
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -61,11 +61,11 @@
 int     access(char *, int);
 int     alarm(int);
 int     auditsys(struct auditcalls *, rval_t *);
 int64_t brandsys(int, uintptr_t, uintptr_t, uintptr_t, uintptr_t, uintptr_t,
     uintptr_t);
-int     brk(caddr_t);
+intptr_t        brk(caddr_t);
 int     chdir(char *);
 int     chmod(char *, int);
 int     chown(char *, uid_t, gid_t);
 int     chroot(char *);
 int     cladm(int, int, void *);
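Review bot: Widening `brk` to `intptr_t` on the added line only helps if the dispatch table carries the full value back to userland, and the `brk` entry in `sysent[]`/`sysent32[]` is not visible in these hunks. The visible table entries use `SYSENT_CI` for int-returning calls and `SYSENT_CL` for `read`/`write`, so `brk` presumably needs the `SYSENT_CL` form in the 64-bit table; please confirm it was changed together with the prototype. A one-line comment on the prototype would also help, e.g. `/* returns an address-sized value, not just 0/-1 */`, if that is indeed the new contract.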

@@ -110,10 +110,11 @@
 int     pause();
 long    pcsample(void *, long);
 int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
 int     profil(unsigned short *, size_t, ulong_t, uint_t);
 ssize_t pread(int, void *, size_t, off_t);
+int     psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
 ssize_t pwrite(int, void *, size_t, off_t);
 ssize_t read(int, void *, size_t);
 int     rename(char *, char *);
 int     renameat(int, char *, int, char *);
 void    rexit(int);
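Review bot: The new `psecflags` prototype takes a `procset_t *`, so it can presumably change exploit-mitigation flags on processes other than the caller, and nothing in this hunk says where that is authorised. The handler body is outside this page; confirm that it checks privilege over every process in the set before applying the delta, and that both pointer arguments are copied in from user space rather than dereferenced directly. A brief comment at the declaration naming the header that defines `psecflagwhich_t` and `secflagdelta_t` would make the prototype easier to follow.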

@@ -437,11 +438,11 @@
 {
         /*  0 */ IF_LP64(
                         SYSENT_NOSYS(),
                         SYSENT_C("indir",       indir,          1)),
         /*  1 */ SYSENT_CI("exit",              rexit,          1),
-        /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
+        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
         /*  3 */ SYSENT_CL("read",              read,           3),
         /*  4 */ SYSENT_CL("write",             write,          3),
         /*  5 */ SYSENT_CI("open",              open,           3),
         /*  6 */ SYSENT_CI("close",             close,          1),
         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
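Review bot: Slot 2 was a loadable placeholder left behind by `forkall`, and the added line gives that retired number to `psecflags`; the same reuse happens in the `sysent32[]` hunk. Any old binary or out-of-tree module that still issues syscall 2 would now enter `psecflags` with unrelated arguments, so the handler should reject unknown `psecflagwhich_t` values and bad pointers cleanly (presumably with `EINVAL`/`EFAULT`; not visible here). I would keep the history in the trailing comment, `/* (was forkall) */`, so the reuse stays visible to the next reader. The array definition begins outside the hunk.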

@@ -818,11 +819,11 @@
  */
 struct sysent sysent32[NSYSCALL] =
 {
         /*  0 */ SYSENT_C("indir",              indir,          1),
         /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
-        /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
+        /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
         /*  3 */ SYSENT_CI("read",              read32,         3),
         /*  4 */ SYSENT_CI("write",             write32,        3),
         /*  5 */ SYSENT_CI("open",              open32,         3),
         /*  6 */ SYSENT_CI("close",             close,          1),
         /*  7 */ SYSENT_CI("linkat",            linkat,         5),
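Review bot: In `sysent32[]` the added entry registers the same `psecflags` handler as the 64-bit table, while the neighbouring `read32`, `write32` and `open32` entries use dedicated 32-bit wrappers. That is fine only if `procset_t` and `secflagdelta_t` have the same layout for ILP32 and LP64 callers, or if the handler checks the caller's data model before copying them in; neither is visible on this page. A comment on the entry stating which is the case, e.g. `/* argument structs are data-model invariant */`, would settle it.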