7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -157,10 +157,29 @@
return (-1);
}
/*ARGSUSED*/
static int
+Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+{
+ core_info_t *core = data;
+
+ if (core->core_secflags == NULL) {
+ errno = ENODATA;
+ return (-1);
+ }
+
+ if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
+ return (-1);
+
+ (void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
+
+ return (0);
+}
+
+/*ARGSUSED*/
+static int
Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
{
core_info_t *core = data;
if (core->core_priv == NULL) {
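Review bot: Psecflags_core has no comment saying who owns the structure it returns: it stores a freshly allocated copy of core->core_secflags in *psf, so the caller has to free it, and nothing in the hunk states that. I would add above the function `/* Return a heap copy of the core's secflags in *psf; the caller frees it. Fails with ENODATA when none were loaded from the core. */`. As a smaller style point, the `calloc(1, sizeof (prsecflags_t))` could be a plain malloc(), since the memcpy() that follows overwrites the whole structure. The hunk ends inside Ppriv_core, which is not changed here.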
@@ -220,10 +239,12 @@
__priv_free_info(core->core_privinfo);
if (core->core_ppii != NULL)
free(core->core_ppii);
if (core->core_zonename != NULL)
free(core->core_zonename);
+ if (core->core_secflags != NULL)
+ free(core->core_secflags);
#ifdef __x86
if (core->core_ldt != NULL)
free(core->core_ldt);
#endif
@@ -306,10 +327,11 @@
.pop_psinfo = Ppsinfo_core,
.pop_fini = Pfini_core,
.pop_platform = Pplatform_core,
.pop_uname = Puname_core,
.pop_zonename = Pzonename_core,
+ .pop_secflags = Psecflags_core,
#ifdef __x86
.pop_ldt = Pldt_core
#endif
};
@@ -744,10 +766,38 @@
return (0);
}
static int
+note_secflags(struct ps_prochandle *P, size_t nbytes)
+{
+ core_info_t *core = P->data;
+ prsecflags_t *psf;
+
+ if (core->core_secflags != NULL)
+ return (0); /* Already seen */
+
+ if (sizeof (*psf) != nbytes) {
+ dprintf("Pgrab_core: NT_SECFLAGS changed size."
+ " Need to handle a version change?\n");
+ return (-1);
+ }
+
+ if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
+ if (read(P->asfd, psf, nbytes) != nbytes) {
+ dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
+ free(psf);
+ return (-1);
+ }
+
+ core->core_secflags = psf;
+ }
+
+ return (0);
+}
+
+static int
note_utsname(struct ps_prochandle *P, size_t nbytes)
{
core_info_t *core = P->data;
size_t ubytes = sizeof (struct utsname);
struct utsname *utsp;
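Review bot: In note_secflags a failed malloc() falls through to `return (0)`, so the handler reports success while core->core_secflags stays NULL, and Psecflags_core later answers ENODATA as if the core never carried the note. Treat allocation failure as an error the same way the short read is, with `if ((psf = malloc(nbytes)) == NULL) return (-1);`, and then do the read unconditionally. The `nbytes != 0` test is redundant once `sizeof (*psf) != nbytes` has been rejected. Separately, `read(...) != nbytes` compares an ssize_t with a size_t and handles -1 only through the unsigned conversion, so a cast or a signed local would make the intent explicit. The hunk ends inside note_utsname, which is not changed here.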
@@ -1178,10 +1228,11 @@
note_priv_info, /* 19 NT_PRPRIVINFO */
note_content, /* 20 NT_CONTENT */
note_zonename, /* 21 NT_ZONENAME */
note_fdinfo, /* 22 NT_FDINFO */
note_spymaster, /* 23 NT_SPYMASTER */
+ note_secflags, /* 24 NT_SECFLAGS */
};
static void
core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
{