7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 52,61 ****
--- 52,62 ----
#include <sys/stack.h>
#include <sys/fault.h>
#include <sys/syscall.h>
#include <sys/sysmacros.h>
#include <sys/systeminfo.h>
+ #include <sys/secflags.h>
#include "libproc.h"
#include "Pcontrol.h"
#include "Putil.h"
#include "P32ton.h"
*** 174,183 ****
--- 175,191 ----
Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
{
return (proc_get_cred(P->pid, pcrp, ngroups));
}
+ /* ARGSUSED */
+ static int
+ Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+ {
+ return (proc_get_secflags(P->pid, psf));
+ }
+
/*ARGSUSED*/
static int
Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
{
prpriv_t *pp;
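Review bot: The lint directive above the new Psecflags_live is written `/* ARGSUSED */`, while Ppriv_live directly below it uses `/*ARGSUSED*/`; use the unspaced form so the file stays consistent. The function also has no comment on who owns the structure stored through `psf`. Judging by the comment on Psecflags() later in this change it appears to be allocated for the caller, so a line such as `/* On success *psf is allocated; release it with Psecflags_free(). */` would help, once that is confirmed against proc_get_secflags().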
*** 324,333 ****
--- 332,342 ----
.pop_lpsinfo = Plpsinfo_live,
.pop_platform = Pplatform_live,
.pop_uname = Puname_live,
.pop_zonename = Pzonename_live,
.pop_execname = Pexecname_live,
+ .pop_secflags = Psecflags_live,
#if defined(__i386) || defined(__amd64)
.pop_ldt = Pldt_live
#endif
};
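Review bot: Only this ops vector gains `.pop_secflags`, yet Psecflags() later in this change calls `P->ops.pop_secflags` without a NULL check. If the library has other ops vectors (for example for core files) and unset members are not filled with a default elsewhere, calling Psecflags() on such a handle would jump through a NULL function pointer; neither is visible in this hunk. Either confirm that every vector supplies the member, or guard the call with `if (P->ops.pop_secflags == NULL) { errno = ENOTSUP; return (-1); }`.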
*** 1291,1300 ****
--- 1300,1331 ----
Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
{
return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
}
+ /* Return an allocated prsecflags_t */
+ int
+ Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
+ {
+ int ret;
+
+ if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
+ if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
+ errno = EINVAL;
+ return (-1);
+ }
+ }
+
+ return (ret);
+ }
+
+ void
+ Psecflags_free(prsecflags_t *psf)
+ {
+ free(psf);
+ }
+
static prheader_t *
Plstatus(struct ps_prochandle *P)
{
return (P->ops.pop_lstatus(P, P->data));
}
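Review bot: On the version-mismatch path in Psecflags() the structure obtained through `pop_secflags` is neither released nor cleared. A caller that sees -1 has no reason to call Psecflags_free(), so the buffer leaks, and `*psf` is left pointing at data in a layout this code has just rejected. Assuming the backend allocates it with malloc (Psecflags_free() is a plain `free()`), add `free(*psf);` and `*psf = NULL;` before `errno = EINVAL;`. The header comment could also state the contract, e.g. `/* On success *psf is allocated and must be released with Psecflags_free(); on failure *psf is not valid. */`.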