Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -110,10 +110,11 @@
int pause();
long pcsample(void *, long);
int privsys(int, priv_op_t, priv_ptype_t, void *, size_t, int);
int profil(unsigned short *, size_t, ulong_t, uint_t);
ssize_t pread(int, void *, size_t, off_t);
+int psecflags(procset_t *, psecflagwhich_t, secflagdelta_t *);
ssize_t pwrite(int, void *, size_t, off_t);
ssize_t read(int, void *, size_t);
int rename(char *, char *);
int renameat(int, char *, int, char *);
void rexit(int);
@@ -437,11 +438,11 @@
{
/* 0 */ IF_LP64(
SYSENT_NOSYS(),
SYSENT_C("indir", indir, 1)),
/* 1 */ SYSENT_CI("exit", rexit, 1),
- /* 2 */ SYSENT_LOADABLE(), /* (was forkall) */
+ /* 2 */ SYSENT_CI("psecflags", psecflags, 3),
/* 3 */ SYSENT_CL("read", read, 3),
/* 4 */ SYSENT_CL("write", write, 3),
/* 5 */ SYSENT_CI("open", open, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),
@@ -818,11 +819,11 @@
*/
struct sysent sysent32[NSYSCALL] =
{
/* 0 */ SYSENT_C("indir", indir, 1),
/* 1 */ SYSENT_CI("exit", (int (*)())rexit, 1),
- /* 2 */ SYSENT_LOADABLE32(), /* (was forkall) */
+ /* 2 */ SYSENT_CI("psecflags", psecflags, 3),
/* 3 */ SYSENT_CI("read", read32, 3),
/* 4 */ SYSENT_CI("write", write32, 3),
/* 5 */ SYSENT_CI("open", open32, 3),
/* 6 */ SYSENT_CI("close", close, 1),
/* 7 */ SYSENT_CI("linkat", linkat, 5),