Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -62,10 +62,11 @@
#include <sys/pset.h>
#include <sys/procfs_isa.h>
#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/param.h>
+#include <sys/secflags.h>
/*
* System call interfaces for /proc.
*/
@@ -396,10 +397,21 @@
uint32_t pr_setsize; /* size of privilege set */
uint32_t pr_infosize; /* size of supplementary data */
priv_chunk_t pr_sets[1]; /* array of sets */
} prpriv_t;
+#define PRSECFLAGS_VERSION_1 1
+#define PRSECFLAGS_VERSION_CURRENT PRSECFLAGS_VERSION_1
+typedef struct prsecflags {
+ uint32_t pr_version;
+ char pr_pad[4];
+ secflagset_t pr_effective;
+ secflagset_t pr_inherit;
+ secflagset_t pr_lower;
+ secflagset_t pr_upper;
+} prsecflags_t;
+
/*
* Watchpoint interface. PCWATCH and /proc/<pid>/watch
*/
typedef struct prwatch {
uintptr_t pr_vaddr; /* virtual address of watched area */
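Review bot: The new `prsecflags_t` has no per-field comments, unlike the `prpriv_t` and `prwatch` fields around it, and nothing states what `pr_pad` is for or how `pr_version` is meant to be checked. I would annotate them, e.g. `uint32_t pr_version; /* ABI version, PRSECFLAGS_VERSION_* */` and `char pr_pad[4]; /* explicit padding, always zero */`, and add a short block comment above the typedef naming the /proc file that carries this structure, in the style of the watchpoint comment below it. The padding presumably keeps the `secflagset_t` members at the same offsets for 32-bit and 64-bit consumers; that type is defined in `sys/secflags.h`, outside this hunk, so this should be confirmed. Because these bytes are copied out to userland, the code that fills the structure (not visible here) should zero the whole struct first so that `pr_pad` cannot disclose uninitialised kernel memory. Consumers should also be told to reject a `pr_version` they do not recognise rather than interpret the sets.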