Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libproc/common/Putil.c
          +++ new/usr/src/lib/libproc/common/Putil.c
↓ open down ↓ 186 lines elided ↑ open up ↑
 187  187          .pop_priv       = (pop_priv_t)Pdefault_int,
 188  188          .pop_psinfo     = (pop_psinfo_t)Pdefault_voidp,
 189  189          .pop_status     = (pop_status_t)Pdefault_void,
 190  190          .pop_lstatus    = (pop_lstatus_t)Pdefault_voidp,
 191  191          .pop_lpsinfo    = (pop_lpsinfo_t)Pdefault_voidp,
 192  192          .pop_fini       = (pop_fini_t)Pdefault_void,
 193  193          .pop_platform   = (pop_platform_t)Pdefault_voidp,
 194  194          .pop_uname      = (pop_uname_t)Pdefault_int,
 195  195          .pop_zonename   = (pop_zonename_t)Pdefault_voidp,
 196  196          .pop_execname   = (pop_execname_t)Pdefault_voidp,
      197 +        .pop_secflags   = (pop_secflags_t)Pdefault_int,
 197  198  #if defined(__i386) || defined(__amd64)
 198  199          .pop_ldt        = (pop_ldt_t)Pdefault_int
 199  200  #endif
 200  201  };
 201  202  
 202  203  /*
 203  204   * Initialize the destination ops vector with functions from the source.
 204  205   * Functions which are NULL in the source ops vector are set to corresponding
 205  206   * default function in the destination vector.
 206  207   */
↓ open down ↓ 25 lines elided ↑ open up ↑
 232  233          if (src->pop_fini != NULL)
 233  234                  dst->pop_fini = src->pop_fini;
 234  235          if (src->pop_platform != NULL)
 235  236                  dst->pop_platform = src->pop_platform;
 236  237          if (src->pop_uname != NULL)
 237  238                  dst->pop_uname = src->pop_uname;
 238  239          if (src->pop_zonename != NULL)
 239  240                  dst->pop_zonename = src->pop_zonename;
 240  241          if (src->pop_execname != NULL)
 241  242                  dst->pop_execname = src->pop_execname;
      243 +        if (src->pop_secflags != NULL)
      244 +                dst->pop_secflags = src->pop_secflags;
 242  245  #if defined(__i386) || defined(__amd64)
 243  246          if (src->pop_ldt != NULL)
 244  247                  dst->pop_ldt = src->pop_ldt;
 245  248  #endif
 246  249  }
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX