il_7029 Cdiff usr/src/uts/common/os/sysent.c

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


*** 110,119 ****
--- 110,120 ----
  int     pause();
  long    pcsample(void *, long);
  int     privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
  int     profil(unsigned short *, size_t, ulong_t, uint_t);
  ssize_t pread(int, void *, size_t, off_t);
+ int     psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
  ssize_t pwrite(int, void *, size_t, off_t);
  ssize_t read(int, void *, size_t);
  int     rename(char *, char *);
  int     renameat(int, char *, int, char *);
  void    rexit(int);
*** 437,447 ****
  {
          /*  0 */ IF_LP64(
                          SYSENT_NOSYS(),
                          SYSENT_C("indir",       indir,          1)),
          /*  1 */ SYSENT_CI("exit",              rexit,          1),
!         /*  2 */ SYSENT_LOADABLE(),                     /* (was forkall) */
          /*  3 */ SYSENT_CL("read",              read,           3),
          /*  4 */ SYSENT_CL("write",             write,          3),
          /*  5 */ SYSENT_CI("open",              open,           3),
          /*  6 */ SYSENT_CI("close",             close,          1),
          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
--- 438,448 ----
  {
          /*  0 */ IF_LP64(
                          SYSENT_NOSYS(),
                          SYSENT_C("indir",       indir,          1)),
          /*  1 */ SYSENT_CI("exit",              rexit,          1),
!         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
          /*  3 */ SYSENT_CL("read",              read,           3),
          /*  4 */ SYSENT_CL("write",             write,          3),
          /*  5 */ SYSENT_CI("open",              open,           3),
          /*  6 */ SYSENT_CI("close",             close,          1),
          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
*** 818,828 ****
   */
  struct sysent sysent32[NSYSCALL] =
  {
          /*  0 */ SYSENT_C("indir",              indir,          1),
          /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
!         /*  2 */ SYSENT_LOADABLE32(),                   /* (was forkall) */
          /*  3 */ SYSENT_CI("read",              read32,         3),
          /*  4 */ SYSENT_CI("write",             write32,        3),
          /*  5 */ SYSENT_CI("open",              open32,         3),
          /*  6 */ SYSENT_CI("close",             close,          1),
          /*  7 */ SYSENT_CI("linkat",            linkat,         5),
--- 819,829 ----
   */
  struct sysent sysent32[NSYSCALL] =
  {
          /*  0 */ SYSENT_C("indir",              indir,          1),
          /*  1 */ SYSENT_CI("exit",      (int (*)())rexit,       1),
!         /*  2 */ SYSENT_CI("psecflags",         psecflags,      3),
          /*  3 */ SYSENT_CI("read",              read32,         3),
          /*  4 */ SYSENT_CI("write",             write32,        3),
          /*  5 */ SYSENT_CI("open",              open32,         3),
          /*  6 */ SYSENT_CI("close",             close,          1),
          /*  7 */ SYSENT_CI("linkat",            linkat,         5),