il_7029 Sdiff usr/src/lib/auditd_plugins/syslog/systoken.c

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

1454 /*
1455  * -----------------------------------------------------------------------
1456  * privilege_token()    : Process privilege token and display contents
1457  *
1458  * Format of privilege token:
1459  *      privilege token id      adr_char
1460  *      privilege type          adr_string
1461  *      privilege               adr_string
1462  * -----------------------------------------------------------------------
1463  */
1464 
1465 int
1466 privilege_token(parse_context_t *ctx)
1467 {
1468         skip_bytes(ctx);
1469         skip_bytes(ctx);
1470 
1471         return (0);
1472 }
1473 


















1474 
1475 /*
1476  * Format of label token:
1477  *      label ID                1 byte
1478  *      compartment length      1 byte
1479  *      classification          2 bytes
1480  *      compartment words       <compartment length> * 4 bytes
1481  */
1482 int
1483 label_token(parse_context_t *ctx)
1484 {
1485         char    c;
1486 
1487         ctx->adr.adr_now += sizeof (char);   /* label ID */
1488         adrm_char(&(ctx->adr), &c, 1);
1489 
1490         ctx->adr.adr_now += sizeof (ushort_t);       /* classification */
1491         ctx->adr.adr_now += 4 * c;           /* compartments */
1492 
1493         return (0);

1454 /*
1455  * -----------------------------------------------------------------------
1456  * privilege_token()    : Process privilege token and display contents
1457  *
1458  * Format of privilege token:
1459  *      privilege token id      adr_char
1460  *      privilege type          adr_string
1461  *      privilege               adr_string
1462  * -----------------------------------------------------------------------
1463  */
1464 
1465 int
1466 privilege_token(parse_context_t *ctx)
1467 {
1468         skip_bytes(ctx);
1469         skip_bytes(ctx);
1470 
1471         return (0);
1472 }
1473 
1474 /*
1475  * -----------------------------------------------------------------------
1476  * secflags_token()     : Process secflags token and display contents
1477  *
1478  * Format of privilege token:
1479  *      secflags token id       adr_char
1480  *      secflag set name        adr_string
1481  *      secflags                adr_string
1482  * -----------------------------------------------------------------------
1483  */
1484 int
1485 secflags_token(parse_context_t *ctx)
1486 {
1487         skip_bytes(ctx);
1488         skip_bytes(ctx);
1489 
1490         return (0);
1491 }
1492 
1493 /*
1494  * Format of label token:
1495  *      label ID                1 byte
1496  *      compartment length      1 byte
1497  *      classification          2 bytes
1498  *      compartment words       <compartment length> * 4 bytes
1499  */
1500 int
1501 label_token(parse_context_t *ctx)
1502 {
1503         char    c;
1504 
1505         ctx->adr.adr_now += sizeof (char);   /* label ID */
1506         adrm_char(&(ctx->adr), &c, 1);
1507 
1508         ctx->adr.adr_now += sizeof (ushort_t);       /* classification */
1509         ctx->adr.adr_now += 4 * c;           /* compartments */
1510 
1511         return (0);