Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -157,10 +157,29 @@
         return (-1);
 }
 
 /*ARGSUSED*/
 static int
+Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+{
+        core_info_t *core = data;
+
+        if (core->core_secflags == NULL) {
+                errno = ENODATA;
+                return (-1);
+        }
+
+        if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
+                return (-1);
+
+        (void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
+
+        return (0);
+}
+
+/*ARGSUSED*/
+static int
 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 {
         core_info_t *core = data;
 
         if (core->core_priv == NULL) {

@@ -220,10 +239,12 @@
                         __priv_free_info(core->core_privinfo);
                 if (core->core_ppii != NULL)
                         free(core->core_ppii);
                 if (core->core_zonename != NULL)
                         free(core->core_zonename);
+                if (core->core_secflags != NULL)
+                        free(core->core_secflags);
 #ifdef __x86
                 if (core->core_ldt != NULL)
                         free(core->core_ldt);
 #endif
 

@@ -306,10 +327,11 @@
         .pop_psinfo     = Ppsinfo_core,
         .pop_fini       = Pfini_core,
         .pop_platform   = Pplatform_core,
         .pop_uname      = Puname_core,
         .pop_zonename   = Pzonename_core,
+        .pop_secflags   = Psecflags_core,
 #ifdef __x86
         .pop_ldt        = Pldt_core
 #endif
 };
 

@@ -744,10 +766,38 @@
 
         return (0);
 }
 
 static int
+note_secflags(struct ps_prochandle *P, size_t nbytes)
+{
+        core_info_t *core = P->data;
+        prsecflags_t *psf;
+
+        if (core->core_secflags != NULL)
+                return (0);     /* Already seen */
+
+        if (sizeof (*psf) != nbytes) {
+                dprintf("Pgrab_core: NT_SECFLAGS changed size."
+                    "  Need to handle a version change?\n");
+                return (-1);
+        }
+
+        if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
+                if (read(P->asfd, psf, nbytes) != nbytes) {
+                        dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
+                        free(psf);
+                        return (-1);
+                }
+
+                core->core_secflags = psf;
+        }
+
+        return (0);
+}
+
+static int
 note_utsname(struct ps_prochandle *P, size_t nbytes)
 {
         core_info_t *core = P->data;
         size_t ubytes = sizeof (struct utsname);
         struct utsname *utsp;

@@ -1178,10 +1228,11 @@
         note_priv_info,         /* 19   NT_PRPRIVINFO           */
         note_content,           /* 20   NT_CONTENT              */
         note_zonename,          /* 21   NT_ZONENAME             */
         note_fdinfo,            /* 22   NT_FDINFO               */
         note_spymaster,         /* 23   NT_SPYMASTER            */
+        note_secflags,          /* 24   NT_SECFLAGS             */
 };
 
 static void
 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
 {