7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

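--- a/usr/src/lib/libproc/common/Pcore.c
+++ b/usr/src/lib/libproc/common/Pcore.c
@@ -152,20 +152,39 @@
 
                 return (0);
         }
 
         errno = ENODATA;
         return (-1);
 }
 
 /*ARGSUSED*/
 static int
+Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+{
+        core_info_t *core = data;
+
+        if (core->core_secflags == NULL) {
+                errno = ENODATA;
+                return (-1);
+        }
+
+        if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
+                return (-1);
+
+        (void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
+
+        return (0);
+}
+
+/*ARGSUSED*/
+static int
 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 {
         core_info_t *core = data;
 
         if (core->core_priv == NULL) {
                 errno = ENODATA;
                 return (-1);
         }
 
         *pprv = malloc(core->core_priv_size);
@@ -215,20 +234,22 @@
                 if (core->core_cred != NULL)
                         free(core->core_cred);
                 if (core->core_priv != NULL)
                         free(core->core_priv);
                 if (core->core_privinfo != NULL)
                         __priv_free_info(core->core_privinfo);
                 if (core->core_ppii != NULL)
                         free(core->core_ppii);
                 if (core->core_zonename != NULL)
                         free(core->core_zonename);
+                if (core->core_secflags != NULL)
+                        free(core->core_secflags);
 #ifdef __x86
                 if (core->core_ldt != NULL)
                         free(core->core_ldt);
 #endif
 
                 free(core);
         }
 }
 
 /*ARGSUSED*/
@@ -301,20 +322,21 @@
 static const ps_ops_t P_core_ops = {
         .pop_pread      = Pread_core,
         .pop_pwrite     = Pwrite_core,
         .pop_cred       = Pcred_core,
         .pop_priv       = Ppriv_core,
         .pop_psinfo     = Ppsinfo_core,
         .pop_fini       = Pfini_core,
         .pop_platform   = Pplatform_core,
         .pop_uname      = Puname_core,
         .pop_zonename   = Pzonename_core,
+        .pop_secflags   = Psecflags_core,
 #ifdef __x86
         .pop_ldt        = Pldt_core
 #endif
 };
 
 /*
  * Return the lwp_info_t for the given lwpid.  If no such lwpid has been
  * encountered yet, allocate a new structure and return a pointer to it.
  * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
  */
@@ -739,20 +761,48 @@
                         return (-1);
                 }
                 plat[nbytes - 1] = '\0';
                 core->core_platform = plat;
         }
 
         return (0);
 }
 
 static int
+note_secflags(struct ps_prochandle *P, size_t nbytes)
+{
+        core_info_t *core = P->data;
+        prsecflags_t *psf;
+
+        if (core->core_secflags != NULL)
+                return (0);     /* Already seen */
+
+        if (sizeof (*psf) != nbytes) {
+                dprintf("Pgrab_core: NT_SECFLAGS changed size."
+                    "  Need to handle a version change?\n");
+                return (-1);
+        }
+
+        if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
+                if (read(P->asfd, psf, nbytes) != nbytes) {
+                        dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
+                        free(psf);
+                        return (-1);
+                }
+
+                core->core_secflags = psf;
+        }
+
+        return (0);
+}
+
+static int
 note_utsname(struct ps_prochandle *P, size_t nbytes)
 {
         core_info_t *core = P->data;
         size_t ubytes = sizeof (struct utsname);
         struct utsname *utsp;
 
         if (core->core_uts != NULL || nbytes < ubytes)
                 return (0);     /* Already seen or bad size */
 
         if ((utsp = malloc(ubytes)) == NULL)
@@ -1173,20 +1223,21 @@
         note_cred,              /* 14   NT_PRCRED               */
         note_utsname,           /* 15   NT_UTSNAME              */
         note_lwpstatus,         /* 16   NT_LWPSTATUS            */
         note_lwpsinfo,          /* 17   NT_LWPSINFO             */
         note_priv,              /* 18   NT_PRPRIV               */
         note_priv_info,         /* 19   NT_PRPRIVINFO           */
         note_content,           /* 20   NT_CONTENT              */
         note_zonename,          /* 21   NT_ZONENAME             */
         note_fdinfo,            /* 22   NT_FDINFO               */
         note_spymaster,         /* 23   NT_SPYMASTER            */
+        note_secflags,          /* 24   NT_SECFLAGS             */
 };
 
 static void
 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
 {
         prkillinfo_t killinfo;
         siginfo_t *si = &killinfo.prk_info;
         char signame[SIG2STR_MAX], sig[64], info[64];
         void *addr = (void *)(uintptr_t)php->p_vaddr;
 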
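Review bot: In note_secflags (new lines 785-793) an allocation failure is reported as success: `malloc` is folded into the `if` condition, so a NULL result falls through to `return (0)` with `core_secflags` still unset, while the size mismatch and the short read in the same function both return -1. Psecflags_core (new lines 166-168) then answers ENODATA, so a consumer examining a core file cannot tell "no NT_SECFLAGS note was present" from "out of memory while loading it". The `nbytes != 0` test is also dead after the exact-size check at line 779; I would replace the combined condition with a guard, `if ((psf = malloc(nbytes)) == NULL)` / `return (-1);`, and un-nest the read, which matches how note_utsname opens at line 808 (its body continues outside the visible lines, so its return value there is not confirmed). The exact-size check is also what keeps the fixed-size `memcpy` in Psecflags_core within the buffer filled from the core file, which is untrusted input, so it deserves a comment such as `/* must match exactly: Psecflags_core copies sizeof (prsecflags_t) */`.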