7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 75,84 ****
--- 75,85 ----
#include <sys/vfs_opreg.h>
#include <fs/sockfs/sockcommon.h>
#include <netinet/in.h>
#include <sys/ddi.h>
#include <sys/port_impl.h>
+ #include <sys/secflags.h>
static au_event_t aui_fchownat(au_event_t);
static au_event_t aui_fchmodat(au_event_t);
static au_event_t aui_open(au_event_t);
static au_event_t aui_openat(au_event_t);
*** 100,109 ****
--- 101,111 ----
static au_event_t aui_privsys(au_event_t);
static au_event_t aui_forksys(au_event_t);
static au_event_t aui_labelsys(au_event_t);
static au_event_t aui_setpgrp(au_event_t);
+
static void aus_exit(struct t_audit_data *);
static void aus_open(struct t_audit_data *);
static void aus_openat(struct t_audit_data *);
static void aus_acl(struct t_audit_data *);
static void aus_acct(struct t_audit_data *);
*** 202,212 ****
*/
aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
auf_null, 0,
aui_null, AUE_EXIT, aus_exit, /* 1 exit */
auf_null, S2E_NPT,
! aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
auf_null, 0,
aui_null, AUE_READ, aus_null, /* 3 read */
auf_read, S2E_PUB,
aui_null, AUE_WRITE, aus_null, /* 4 write */
auf_write, 0,
--- 204,214 ----
*/
aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
auf_null, 0,
aui_null, AUE_EXIT, aus_exit, /* 1 exit */
auf_null, S2E_NPT,
! aui_null, AUE_PSECFLAGS, aus_null, /* 2 psecflags */
auf_null, 0,
aui_null, AUE_READ, aus_null, /* 3 read */
auf_read, S2E_PUB,
aui_null, AUE_WRITE, aus_null, /* 4 write */
auf_write, 0,
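Review bot: The new entry for syscall 2 pairs AUE_PSECFLAGS with `aus_null` and `auf_null`, so nothing in this table records which process was targeted or which security-flag set and values were requested. If the psecflags syscall path does not write those tokens itself (not visible in this hunk), the audit record would only show that a mitigation-flag change was attempted. That is too little to review a change to the ASLR, noexec-stack or NULL-mapping flags after the fact. Either give the entry a start routine that writes the arguments, or extend the comment to say where the record body comes from, e.g. `/* 2 psecflags; arguments audited by the syscall itself */`. The table starts and ends outside the hunk.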
*** 741,750 ****
--- 743,753 ----
rval = (uint32_t)uap->rval;
au_uwrite(au_to_arg32(1, "exit status", rval));
}
+
/* acct start function */
/*ARGSUSED*/
static void
aus_acct(struct t_audit_data *tad)
{