Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libc/inc/priv_private.h
+++ new/usr/src/lib/libc/inc/priv_private.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
20 20 */
21 21
22 22 /*
23 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 #ifndef _PRIV_PRIVATE_H
28 28 #define _PRIV_PRIVATE_H
29 29
30 -#pragma ident "%Z%%M% %I% %E% SMI"
31 -
32 30 #include <sys/types.h>
33 31 #include <sys/priv.h>
34 32 #include <limits.h>
35 33
36 34 /*
37 35 * Libc private privilege data.
38 36 */
39 37
40 38 #ifdef __cplusplus
41 39 extern "C" {
42 40 #endif
43 41
44 42 #define LOADPRIVDATA(d) d = __priv_getdata()
45 43 #define GETPRIVDATA() __priv_getdata()
46 44 #define LOCKPRIVDATA() { \
47 45 /* Data already allocated */ \
48 46 (void) lock_data(); \
49 47 (void) refresh_data(); \
50 48 }
51 49 #define UNLOCKPRIVDATA() unlock_data()
52 50 #define WITHPRIVLOCKED(t, b, x) { \
53 51 t __result; \
54 52 if (lock_data() != 0) \
55 53 return (b); \
56 54 __result = (x); \
57 55 if (__result == (b) && refresh_data()) \
58 56 __result = (x); \
59 57 unlock_data(); \
60 58 return (__result); \
61 59 }
62 60
63 61 /*
64 62 * Privilege mask macros.
65 63 */
66 64 #define __NBWRD (CHAR_BIT * sizeof (priv_chunk_t))
67 65 #define privmask(n) (1 << ((__NBWRD - 1) - ((n) % __NBWRD)))
68 66 #define privword(n) ((n)/__NBWRD)
69 67
70 68 /*
71 69 * Same as the functions, but for numeric privileges.
72 70 */
73 71 #define PRIV_ADDSET(a, p) ((priv_chunk_t *)(a))[privword(p)] |= \
74 72 privmask(p)
75 73 #define PRIV_DELSET(a, p) ((priv_chunk_t *)(a))[privword(p)] &= \
76 74 ~privmask(p)
77 75 #define PRIV_ISMEMBER(a, p) ((((priv_chunk_t *)(a))[privword(p)] & \
78 76 privmask(p)) != 0)
79 77
80 78 /*
81 79 * The structure is static except for the setsort, privnames and nprivs
82 80 * field. The pinfo structure initially has sufficient room and the kernel
83 81 * guarantees no offset changes so we can copy a new structure on top of it.
84 82 * The locking stratgegy is this: we lock it when we need to reference any
85 83 * of the volatile fields.
86 84 */
87 85 typedef struct priv_data {
88 86 size_t pd_setsize; /* In bytes */
89 87 int pd_nsets, pd_nprivs;
90 88 uint32_t pd_ucredsize;
91 89 char **pd_setnames;
92 90 char **pd_privnames;
93 91 int *pd_setsort;
94 92 priv_impl_info_t *pd_pinfo;
95 93 priv_set_t *pd_basicset;
96 94 priv_set_t *pd_zoneset;
97 95 } priv_data_t;
98 96
99 97 extern priv_data_t *__priv_getdata(void);
100 98 extern priv_data_t *__priv_parse_info(priv_impl_info_t *);
101 99 extern void __priv_free_info(priv_data_t *);
102 100 extern priv_data_t *privdata;
103 101
104 102 extern int lock_data(void);
105 103 extern boolean_t refresh_data(void);
106 104 extern void unlock_data(void);
107 105
108 106 extern boolean_t __priv_isemptyset(priv_data_t *, const priv_set_t *);
109 107 extern boolean_t __priv_isfullset(priv_data_t *, const priv_set_t *);
110 108 extern boolean_t __priv_issubset(priv_data_t *, const priv_set_t *,
111 109 const priv_set_t *);
112 110 extern const char *__priv_getbynum(const priv_data_t *, int);
113 111
114 112 extern int getprivinfo(priv_impl_info_t *, size_t);
115 113
116 114 extern priv_set_t *priv_basic(void);
117 115
118 116 #ifdef __cplusplus
119 117 }
120 118 #endif
121 119
122 120 #endif /* _PRIV_PRIVATE_H */
|
↓ open down ↓ |
81 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX