Print this page
smf: switch to a tri-state for process-security properties true=on,false=off,nil=default
*** 56,72 ****
The stack will be mapped without executable permission, and
attempts to execute it will fault.
System default security-flags are configured via properties on the
svc:/system/process-security service, which contains a boolean property
! per-flag in the default, lower and upper, property groups. For
! example, to enable ASLR by default you would execute the following
! commands:
# svccfg -s svc:/system/process-security setprop default/aslr = true
This can be done by any user with the solaris.smf.value.process-
security authorization.
Since security-flags are strictly inherited, this will not take effect
until the system or zone is next booted.
--- 56,78 ----
The stack will be mapped without executable permission, and
attempts to execute it will fault.
System default security-flags are configured via properties on the
svc:/system/process-security service, which contains a boolean property
! per-flag in the default, lower and upper, property groups. The value
! indicates the setting of the flag, flags with no value take their
! defaults. For example, to enable ASLR by default you would execute the
! following commands:
# svccfg -s svc:/system/process-security setprop default/aslr = true
+ To restore the setting to the defaults you would execute:
+
+ # svccfg -s svc:/system/process-security delpropvalue default/aslr true
+
+
This can be done by any user with the solaris.smf.value.process-
security authorization.
Since security-flags are strictly inherited, this will not take effect
until the system or zone is next booted.