7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -160,12 +160,14 @@
"priv" },
{ PR_PATHDIR, 25 * sizeof (prdirent_t), sizeof (prdirent_t),
"path" },
{ PR_CTDIR, 26 * sizeof (prdirent_t), sizeof (prdirent_t),
"contracts" },
+ { PR_SECFLAGS, 27 * sizeof (prdirent_t), sizeof (prdirent_t),
+ "secflags" },
#if defined(__x86)
- { PR_LDT, 27 * sizeof (prdirent_t), sizeof (prdirent_t),
+ { PR_LDT, 28 * sizeof (prdirent_t), sizeof (prdirent_t),
"ldt" },
#endif
};
#define NPIDDIRFILES (sizeof (piddir) / sizeof (piddir[0]) - 2)
@@ -583,11 +585,11 @@
pr_read_ldt(),
#endif
pr_read_usage(), pr_read_lusage(), pr_read_pagedata(),
pr_read_watch(), pr_read_lwpstatus(), pr_read_lwpsinfo(),
pr_read_lwpusage(), pr_read_xregs(), pr_read_priv(),
- pr_read_spymaster(),
+ pr_read_spymaster(), pr_read_secflags(),
#if defined(__sparc)
pr_read_gwindows(), pr_read_asrs(),
#endif
pr_read_piddir(), pr_read_pidfile(), pr_read_opagedata();
@@ -637,10 +639,11 @@
pr_read_priv, /* /proc/<pid>/priv */
pr_read_inval, /* /proc/<pid>/path */
pr_read_inval, /* /proc/<pid>/path/xxx */
pr_read_inval, /* /proc/<pid>/contracts */
pr_read_inval, /* /proc/<pid>/contracts/<ctid> */
+ pr_read_secflags, /* /proc/<pid>/secflags */
pr_read_pidfile, /* old process file */
pr_read_pidfile, /* old lwp file */
pr_read_opagedata, /* old pagedata file */
};
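Review bot: The new `pr_read_secflags` slot is placed purely by position, after the `contracts/<ctid>` entry, and nothing visible here ties that position to the value of `PR_SECFLAGS`; the enum that declares it is outside this diff. The same positional insert is repeated in the 32-bit read table and in the lookup and readdir tables (the hunks at -1794, -3334 and -4683), so a slot that is off by one in any of them would send /proc/<pid>/secflags to the wrong handler without a compile error. I would add a comment at the head of each table, `/* indexed by node type; keep in the same order as the enum */`, and confirm that PR_SECFLAGS sits directly between the contracts/<ctid> type and the old process file type. The table's declaration starts above this hunk.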
@@ -1599,10 +1602,29 @@
prunlock(pnp);
return (pr_uioread(&psinfo, sizeof (psinfo), uiop));
}
+static int
+pr_read_secflags(prnode_t *pnp, uio_t *uiop)
+{
+ prsecflags_t ret;
+ int error;
+ proc_t *p;
+
+ ASSERT(pnp->pr_type == PR_SECFLAGS);
+
+ if ((error = prlock(pnp, ZNO)) != 0)
+ return (error);
+
+ p = pnp->pr_common->prc_proc;
+ prgetsecflags(p, &ret);
+ prunlock(pnp);
+
+ return (pr_uioread(&ret, sizeof (ret), uiop));
+}
+
#if defined(__sparc)
static int
pr_read_gwindows(prnode_t *pnp, uio_t *uiop)
{
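Review bot: `prsecflags_t ret` in pr_read_secflags is an uninitialized stack object that is copied out whole by `pr_uioread(&ret, sizeof (ret), uiop)`, so any field or padding byte that prgetsecflags() does not write would reach the reader as kernel stack contents. prgetsecflags() is not part of this diff, so whether it clears the structure cannot be confirmed from here. If it does not, add `bzero(&ret, sizeof (ret));` before the prlock() call; an `= { 0 }` initializer does not guarantee that padding is cleared. The function is complete within this hunk, and the pr_read_gwindows lines after it are context only.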
@@ -1794,10 +1816,11 @@
pr_read_priv, /* /proc/<pid>/priv */
pr_read_inval, /* /proc/<pid>/path */
pr_read_inval, /* /proc/<pid>/path/xxx */
pr_read_inval, /* /proc/<pid>/contracts */
pr_read_inval, /* /proc/<pid>/contracts/<ctid> */
+ pr_read_secflags, /* /proc/<pid>/secflags */
pr_read_pidfile, /* old process file */
pr_read_pidfile, /* old lwp file */
pr_read_opagedata_32, /* old pagedata file */
};
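Review bot: The 32-bit table points at the same `pr_read_secflags` as the native table rather than a `_32` variant, which is correct only if prsecflags_t has the same size and field offsets for ILP32 and LP64 consumers. The structure definition is outside this diff, so that needs checking there (fixed-width fields and explicit padding). If it holds, record it on the slot: `pr_read_secflags, /* /proc/<pid>/secflags (data-model invariant) */`. The table begins above this hunk.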
@@ -3037,10 +3060,13 @@
mutex_exit(&p->p_crlock);
break;
case PR_PRIV:
vap->va_size = prgetprivsize();
break;
+ case PR_SECFLAGS:
+ vap->va_size = sizeof (prsecflags_t);
+ break;
case PR_SIGACT:
nsig = PROC_IS_BRANDED(curproc)? BROP(curproc)->b_nsig : NSIG;
vap->va_size = (nsig-1) *
PR_OBJSIZE(struct sigaction32, struct sigaction);
break;
@@ -3334,10 +3360,11 @@
pr_lookup_notdir, /* /proc/<pid>/priv */
pr_lookup_pathdir, /* /proc/<pid>/path */
pr_lookup_notdir, /* /proc/<pid>/path/xxx */
pr_lookup_ctdir, /* /proc/<pid>/contracts */
pr_lookup_notdir, /* /proc/<pid>/contracts/<ctid> */
+ pr_lookup_notdir, /* /proc/<pid>/secflags */
pr_lookup_notdir, /* old process file */
pr_lookup_notdir, /* old lwp file */
pr_lookup_notdir, /* old pagedata file */
};
@@ -4683,10 +4710,11 @@
pr_readdir_notdir, /* /proc/<pid>/priv */
pr_readdir_pathdir, /* /proc/<pid>/path */
pr_readdir_notdir, /* /proc/<pid>/path/xxx */
pr_readdir_ctdir, /* /proc/<pid>/contracts */
pr_readdir_notdir, /* /proc/<pid>/contracts/<ctid> */
+ pr_readdir_notdir, /* /proc/<pid>/secflags */
pr_readdir_notdir, /* old process file */
pr_readdir_notdir, /* old lwp file */
pr_readdir_notdir, /* old pagedata file */
};