Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 92,111 ****
}
mutex_exit(&fip->fi_lock);
v[0].p_type = PT_NOTE;
v[0].p_flags = PF_R;
! v[0].p_filesz = (sizeof (Note) * (9 + 2 * nlwp + nzomb + nfd))
+ roundup(sizeof (psinfo_t), sizeof (Word))
+ roundup(sizeof (pstatus_t), sizeof (Word))
+ roundup(prgetprivsize(), sizeof (Word))
+ roundup(priv_get_implinfo_size(), sizeof (Word))
+ roundup(strlen(platform) + 1, sizeof (Word))
+ roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word))
+ roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word))
+ roundup(sizeof (utsname), sizeof (Word))
+ roundup(sizeof (core_content_t), sizeof (Word))
+ (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word))
+ nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word))
+ nfd * roundup(sizeof (prfdinfo_t), sizeof (Word));
if (curproc->p_agenttp != NULL) {
--- 92,112 ----
}
mutex_exit(&fip->fi_lock);
v[0].p_type = PT_NOTE;
v[0].p_flags = PF_R;
! v[0].p_filesz = (sizeof (Note) * (10 + 2 * nlwp + nzomb + nfd))
+ roundup(sizeof (psinfo_t), sizeof (Word))
+ roundup(sizeof (pstatus_t), sizeof (Word))
+ roundup(prgetprivsize(), sizeof (Word))
+ roundup(priv_get_implinfo_size(), sizeof (Word))
+ roundup(strlen(platform) + 1, sizeof (Word))
+ roundup(strlen(p->p_zone->zone_name) + 1, sizeof (Word))
+ roundup(__KERN_NAUXV_IMPL * sizeof (aux_entry_t), sizeof (Word))
+ roundup(sizeof (utsname), sizeof (Word))
+ roundup(sizeof (core_content_t), sizeof (Word))
+ + roundup(sizeof (prsecflags_t), sizeof (Word))
+ (nlwp + nzomb) * roundup(sizeof (lwpsinfo_t), sizeof (Word))
+ nlwp * roundup(sizeof (lwpstatus_t), sizeof (Word))
+ nfd * roundup(sizeof (prfdinfo_t), sizeof (Word));
if (curproc->p_agenttp != NULL) {
*** 180,189 ****
--- 181,191 ----
aux_entry_t auxv[__KERN_NAUXV_IMPL];
prcred_t pcred;
prpriv_t ppriv;
priv_impl_info_t prinfo;
struct utsname uts;
+ prsecflags_t psecflags;
} *bigwad;
size_t xregsize = prhasx(p)? prgetprxregsize(p) : 0;
size_t crsize = sizeof (prcred_t) + sizeof (gid_t) * (ngroups_max - 1);
size_t psize = prgetprivsize();
*** 285,294 ****
--- 287,302 ----
error = elfnote(vp, &offset, NT_UTSNAME, sizeof (struct utsname),
(caddr_t)&bigwad->uts, rlimit, credp);
if (error)
goto done;
+ prgetsecflags(p, &bigwad->psecflags);
+ error = elfnote(vp, &offset, NT_SECFLAGS, sizeof (prsecflags_t),
+ (caddr_t)&bigwad->psecflags, rlimit, credp);
+ if (error)
+ goto done;
+
prgetcred(p, &bigwad->pcred);
if (bigwad->pcred.pr_ngroups != 0) {
crsize = sizeof (prcred_t) +
sizeof (gid_t) * (bigwad->pcred.pr_ngroups - 1);