Print this page 
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


1132                                 (void) strcpy(q, pname);
1133                                 q += strlen(q);
1134                         }
1135                 }
1136                 sz = (q - buf) + 1;
1137         }
1138 
1139         adr_short(&adr, &sz, 1);
1140         token->len = (uchar_t)adr_count(&adr);
1141 
1142         m = au_getclr();
1143         (void) au_append_buf(buf, sz, m);
1144         (void) au_append_rec(token, m, AU_PACK);
1145 
1146         if (!full)
1147                 kmem_free(buf, maxprivbytes);
1148 
1149         return (token);
1150 }
1151 


































1152 /*
1153  * au_to_label
1154  * returns:
1155  *      pointer to au_membuf chain containing a label token.
1156  */
1157 token_t *
1158 au_to_label(bslabel_t *label)
1159 {
1160         token_t *m;                     /* local au_membuf */
1161         adr_t adr;                      /* adr memory stream header */
1162         char data_header = AUT_LABEL;   /* header for this token */
1163 
1164         m = au_getclr();
1165 
1166         adr_start(&adr, memtod(m, char *));
1167         adr_char(&adr, &data_header, 1);
1168         adr_char(&adr, (char *)label, sizeof (_mac_label_impl_t));
1169 
1170         m->len = adr_count(&adr);
1171 



1132                                 (void) strcpy(q, pname);
1133                                 q += strlen(q);
1134                         }
1135                 }
1136                 sz = (q - buf) + 1;
1137         }
1138 
1139         adr_short(&adr, &sz, 1);
1140         token->len = (uchar_t)adr_count(&adr);
1141 
1142         m = au_getclr();
1143         (void) au_append_buf(buf, sz, m);
1144         (void) au_append_rec(token, m, AU_PACK);
1145 
1146         if (!full)
1147                 kmem_free(buf, maxprivbytes);
1148 
1149         return (token);
1150 }
1151 
1152 token_t *
1153 au_to_secflags(const char *which, secflagset_t set)
1154 {
1155         token_t *token, *m;
1156         adr_t adr;
1157         char data_header = AUT_SECFLAGS;
1158         short sz;
1159         char secstr[1024];
1160 
1161         token = au_getclr();
1162 
1163         adr_start(&adr, memtod(token, char *));
1164         adr_char(&adr, &data_header, 1);
1165 
1166         sz = strlen(which) + 1;
1167         adr_short(&adr, &sz, 1);
1168 
1169         token->len = (uchar_t)adr_count(&adr);
1170         m = au_getclr();
1171         (void) au_append_buf(which, sz, m);
1172         (void) au_append_rec(token, m, AU_PACK);
1173         adr.adr_now += sz;
1174 
1175         secflags_to_str(set, secstr, sizeof (secstr));
1176         sz = strlen(secstr) + 1;
1177         adr_short(&adr, &sz, 1);
1178         token->len = (uchar_t)adr_count(&adr);
1179         m = au_getclr();
1180         (void) au_append_buf(secstr, sz, m);
1181         (void) au_append_rec(token, m, AU_PACK);
1182 
1183         return (token);
1184 }
1185 
1186 /*
1187  * au_to_label
1188  * returns:
1189  *      pointer to au_membuf chain containing a label token.
1190  */
1191 token_t *
1192 au_to_label(bslabel_t *label)
1193 {
1194         token_t *m;                     /* local au_membuf */
1195         adr_t adr;                      /* adr memory stream header */
1196         char data_header = AUT_LABEL;   /* header for this token */
1197 
1198         m = au_getclr();
1199 
1200         adr_start(&adr, memtod(m, char *));
1201         adr_char(&adr, &data_header, 1);
1202         adr_char(&adr, (char *)label, sizeof (_mac_label_impl_t));
1203 
1204         m->len = adr_count(&adr);
1205