Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 62,71 ****
--- 62,72 ----
#include <sys/pset.h>
#include <sys/procfs_isa.h>
#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/param.h>
+ #include <sys/secflags.h>
/*
* System call interfaces for /proc.
*/
*** 396,405 ****
--- 397,416 ----
uint32_t pr_setsize; /* size of privilege set */
uint32_t pr_infosize; /* size of supplementary data */
priv_chunk_t pr_sets[1]; /* array of sets */
} prpriv_t;
+ #define PRSECFLAGS_VERSION_1 1
+ #define PRSECFLAGS_VERSION_CURRENT PRSECFLAGS_VERSION_1
+ typedef struct prsecflags {
+ uint32_t pr_version;
+ secflagset_t pr_effective;
+ secflagset_t pr_inherit;
+ secflagset_t pr_lower;
+ secflagset_t pr_upper;
+ } prsecflags_t;
+
/*
* Watchpoint interface. PCWATCH and /proc/<pid>/watch
*/
typedef struct prwatch {
uintptr_t pr_vaddr; /* virtual address of watched area */