Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 160,171 **** "priv" }, { PR_PATHDIR, 25 * sizeof (prdirent_t), sizeof (prdirent_t), "path" }, { PR_CTDIR, 26 * sizeof (prdirent_t), sizeof (prdirent_t), "contracts" }, #if defined(__x86) ! { PR_LDT, 27 * sizeof (prdirent_t), sizeof (prdirent_t), "ldt" }, #endif }; #define NPIDDIRFILES (sizeof (piddir) / sizeof (piddir[0]) - 2) --- 160,173 ---- "priv" }, { PR_PATHDIR, 25 * sizeof (prdirent_t), sizeof (prdirent_t), "path" }, { PR_CTDIR, 26 * sizeof (prdirent_t), sizeof (prdirent_t), "contracts" }, + { PR_SECFLAGS, 27 * sizeof (prdirent_t), sizeof (prdirent_t), + "secflags" }, #if defined(__x86) ! { PR_LDT, 28 * sizeof (prdirent_t), sizeof (prdirent_t), "ldt" }, #endif }; #define NPIDDIRFILES (sizeof (piddir) / sizeof (piddir[0]) - 2)
*** 583,593 **** pr_read_ldt(), #endif pr_read_usage(), pr_read_lusage(), pr_read_pagedata(), pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(), pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(), ! pr_read_spymaster(), #if defined(__sparc) pr_read_gwindows(), pr_read_asrs(), #endif pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata(); --- 585,595 ---- pr_read_ldt(), #endif pr_read_usage(), pr_read_lusage(), pr_read_pagedata(), pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(), pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(), ! pr_read_spymaster(), pr_read_secflags(), #if defined(__sparc) pr_read_gwindows(), pr_read_asrs(), #endif pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata();
*** 637,646 **** --- 639,649 ---- pr_read_priv, /* /proc/<pid>/priv */ pr_read_inval, /* /proc/<pid>/path */ pr_read_inval, /* /proc/<pid>/path/xxx */ pr_read_inval, /* /proc/<pid>/contracts */ pr_read_inval, /* /proc/<pid>/contracts/<ctid> */ + pr_read_secflags, /* /proc/<pid>/secflags */ pr_read_pidfile, /* old process file */ pr_read_pidfile, /* old lwp file */ pr_read_opagedata, /* old pagedata file */ };
*** 1599,1608 **** --- 1602,1630 ---- prunlock(pnp); return (pr_uioread(&psinfo, sizeof (psinfo), uiop)); } + static int + pr_read_secflags(prnode_t *pnp, uio_t *uiop) + { + prsecflags_t ret; + int error; + proc_t *p; + + ASSERT(pnp->pr_type == PR_SECFLAGS); + + if ((error = prlock(pnp, ZNO)) != 0) + return (error); + + p = pnp->pr_common->prc_proc; + prgetsecflags(p, &ret); + prunlock(pnp); + + return (pr_uioread(&ret, sizeof (ret), uiop)); + } + #if defined(__sparc) static int pr_read_gwindows(prnode_t *pnp, uio_t *uiop) {
*** 1794,1803 **** --- 1816,1826 ---- pr_read_priv, /* /proc/<pid>/priv */ pr_read_inval, /* /proc/<pid>/path */ pr_read_inval, /* /proc/<pid>/path/xxx */ pr_read_inval, /* /proc/<pid>/contracts */ pr_read_inval, /* /proc/<pid>/contracts/<ctid> */ + pr_read_secflags, /* /proc/<pid>/secflags */ pr_read_pidfile, /* old process file */ pr_read_pidfile, /* old lwp file */ pr_read_opagedata_32, /* old pagedata file */ };
*** 3037,3046 **** --- 3060,3072 ---- mutex_exit(&p->p_crlock); break; case PR_PRIV: vap->va_size = prgetprivsize(); break; + case PR_SECFLAGS: + vap->va_size = sizeof (prsecflags_t); + break; case PR_SIGACT: nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG; vap->va_size = (nsig-1) * PR_OBJSIZE(struct sigaction32, struct sigaction); break;
*** 3334,3343 **** --- 3360,3370 ---- pr_lookup_notdir, /* /proc/<pid>/priv */ pr_lookup_pathdir, /* /proc/<pid>/path */ pr_lookup_notdir, /* /proc/<pid>/path/xxx */ pr_lookup_ctdir, /* /proc/<pid>/contracts */ pr_lookup_notdir, /* /proc/<pid>/contracts/<ctid> */ + pr_lookup_notdir, /* /proc/<pid>/secflags */ pr_lookup_notdir, /* old process file */ pr_lookup_notdir, /* old lwp file */ pr_lookup_notdir, /* old pagedata file */ };
*** 4683,4692 **** --- 4710,4720 ---- pr_readdir_notdir, /* /proc/<pid>/priv */ pr_readdir_pathdir, /* /proc/<pid>/path */ pr_readdir_notdir, /* /proc/<pid>/path/xxx */ pr_readdir_ctdir, /* /proc/<pid>/contracts */ pr_readdir_notdir, /* /proc/<pid>/contracts/<ctid> */ + pr_readdir_notdir, /* /proc/<pid>/secflags */ pr_readdir_notdir, /* old process file */ pr_readdir_notdir, /* old lwp file */ pr_readdir_notdir, /* old pagedata file */ };