Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -1147,10 +1147,44 @@
                 kmem_free(buf, maxprivbytes);
 
         return (token);
 }
 
+token_t *
+au_to_secflags(const char *which, secflagset_t set)
+{
+        token_t *token, *m;
+        adr_t adr;
+        char data_header = AUT_SECFLAGS;
+        short sz;
+        char secstr[1024];
+
+        token = au_getclr();
+
+        adr_start(&adr, memtod(token, char *));
+        adr_char(&adr, &data_header, 1);
+
+        sz = strlen(which) + 1;
+        adr_short(&adr, &sz, 1);
+
+        token->len = (uchar_t)adr_count(&adr);
+        m = au_getclr();
+        (void) au_append_buf(which, sz, m);
+        (void) au_append_rec(token, m, AU_PACK);
+        adr.adr_now += sz;
+
+        secflags_to_str(set, secstr, sizeof (secstr));
+        sz = strlen(secstr) + 1;
+        adr_short(&adr, &sz, 1);
+        token->len = (uchar_t)adr_count(&adr);
+        m = au_getclr();
+        (void) au_append_buf(secstr, sz, m);
+        (void) au_append_rec(token, m, AU_PACK);
+
+        return (token);
+}
+
 /*
  * au_to_label
  * returns:
  *      pointer to au_membuf chain containing a label token.
  */