7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

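--- a/usr/src/uts/common/sys/proc.h
+++ b/usr/src/uts/common/sys/proc.h
@@ -41,20 +41,21 @@
 #endif
 #include <sys/utrap.h>
 #include <sys/model.h>
 #include <sys/refstr.h>
 #include <sys/avl.h>
 #include <sys/rctl.h>
 #include <sys/list.h>
 #include <sys/avl.h>
 #include <sys/door_impl.h>
 #include <sys/signalfd.h>
+#include <sys/secflags.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 /*
  * Profile arguments.
  */
 struct prof {
         void            *pr_base;       /* buffer base */
@@ -342,20 +343,21 @@
         void            *p_dtrace_helpers; /* DTrace helpers, if any */
         struct pool     *p_pool;        /* pointer to containing pool */
         kcondvar_t      p_poolcv;       /* synchronization with pools */
         uint_t          p_poolcnt;      /* # threads inside pool barrier */
         uint_t          p_poolflag;     /* pool-related flags (see below) */
         uintptr_t       p_portcnt;      /* event ports counter */
         struct zone     *p_zone;        /* zone in which process lives */
         struct vnode    *p_execdir;     /* directory that p_exec came from */
         struct brand    *p_brand;       /* process's brand  */
         void            *p_brand_data;  /* per-process brand state */
+        psecflags_t     p_secflags;     /* per-process security flags */
 
         /* additional lock to protect p_sessp (but not its contents) */
         kmutex_t p_splock;
         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
                                         /* protected by p_lock */
         rctl_qty_t      p_crypto_mem;   /* /dev/crypto memory charged to proc */
                                         /* protected by p_lock */
         clock_t p_ttime;                /* buffered task time */
 
         /*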
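Review bot: The new `p_secflags` member (new line 353) has no locking annotation, although neighbouring members such as `p_locked_mem` and `p_crypto_mem` state `/* protected by p_lock */`. Going by the synopsis, these flags gate ASLR, the non-executable stack and the NULL-mapping restriction, so an unsynchronised update racing with a reader could leave a process running with a mitigation state nobody intended. The field comment should name the lock a writer must hold and say whether readers need it too, for example `/* per-process security flags; protected by <LOCK, confirm> */`. The struct containing this member begins and ends outside the visible hunk, so the actual locking discipline cannot be confirmed from here.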