Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/exception_lists/check_rtime
          +++ new/exception_lists/check_rtime
↓ open down ↓ 64 lines elided ↑ open up ↑
  65   65  EXEC_DATA       ^lib/libc\.so\.1$       # 6524709, 32-bit, needed for x86 only
  66   66  EXEC_DATA       ^lib/amd64/libumem\.so\.1$ # ptcumem
  67   67  EXEC_DATA       ^lib/libumem\.so\.1$    # ptcumem
  68   68  EXEC_DATA       ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
  69   69  EXEC_DATA       ^platform/.*/MACH(kernel)/unix$
  70   70  EXEC_DATA       ^platform/.*/multiboot$
  71   71  
  72   72  # Objects that are allowed to have an executable stack
  73   73  EXEC_STACK      ^platform/.*/MACH(kernel)/unix$
  74   74  EXEC_STACK      ^platform/.*/multiboot$
       75 +EXEC_STACK      ^opt/os-tests/tests/secflags/stacky$
  75   76  
  76   77  # Objects for which we allow relocations to the text segment
  77   78  TEXTREL         ^platform/.*/MACH(kernel)/unix$
  78   79  
  79   80  # Directories and files that are allowed to have no direct bound symbols
  80   81  NODIRECT        ^platform/.*/MACH(kernel)/unix$
  81   82  NODIRECT        ^usr/ucb
  82   83  NODIRECT        ^usr/4lib/sbcp$
  83   84  
  84   85  # Identify any files that should be skipped when building a crle(1)
↓ open down ↓ 152 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX