Public Git Hosting - unleashed.git/commit

commit	d2a70789f056fc6c9ce3ab047b52126d80b0e3da
author	Richard Lowe <richlowe@richlowe.net>
	Wed, 16 Apr 2014 01:39:14 +0000 (16 02:39 +0100)
committer	Richard Lowe <richlowe@richlowe.net>
	Sat, 15 Oct 2016 16:02:16 +0000 (15 12:02 -0400)
tree	bcf5eedbc5aeec80cac59ea37052e3b87108c253	tree \| snapshot (tar.gz zip)
parent	8ab1c3f559468e655c4eb8acce993320403dd72b	commit \| diff

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>

175 files changed:

exception_lists/check_rtime		diff \| blob \| blame \| history
exception_lists/manlint		diff \| blob \| blame \| history
usr/src/cmd/auditreduce/token.c		diff \| blob \| blame \| history
usr/src/cmd/praudit/praudit.xcl		diff \| blob \| blame \| history
usr/src/cmd/praudit/token.c		diff \| blob \| blame \| history
usr/src/cmd/praudit/toktable.c		diff \| blob \| blame \| history
usr/src/cmd/praudit/toktable.h		diff \| blob \| blame \| history
usr/src/cmd/priocntl/subr.c		diff \| blob \| blame \| history
usr/src/cmd/ptools/Makefile		diff \| blob \| blame \| history
usr/src/cmd/ptools/Makefile.bld		diff \| blob \| blame \| history
usr/src/cmd/ptools/psecflags/psecflags.c	[new file with mode: 0644]	blob
usr/src/cmd/sgs/dump/common/dump.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/corenote.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/elfdump.msg		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/gen_layout_obj.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/gen_struct_layout.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout.h		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout_amd64.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout_i386.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout_sparc.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/elfdump/common/struct_layout_sparcv9.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/include/conv.h		diff \| blob \| blame \| history
usr/src/cmd/sgs/include/libld.h		diff \| blob \| blame \| history
usr/src/cmd/sgs/libconv/common/corenote.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/libconv/common/corenote.msg		diff \| blob \| blame \| history
usr/src/cmd/sgs/libconv/common/dynamic.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/libconv/common/dynamic.msg		diff \| blob \| blame \| history
usr/src/cmd/sgs/libld/common/args.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/libld/common/libld.msg		diff \| blob \| blame \| history
usr/src/cmd/sgs/libld/common/sections.c		diff \| blob \| blame \| history
usr/src/cmd/sgs/libld/common/update.c		diff \| blob \| blame \| history
usr/src/cmd/svc/dtd/service_bundle.dtd.1		diff \| blob \| blame \| history
usr/src/cmd/svc/milestone/Makefile		diff \| blob \| blame \| history
usr/src/cmd/svc/milestone/global.xml		diff \| blob \| blame \| history
usr/src/cmd/svc/milestone/process-security.xml	[new file with mode: 0644]	blob
usr/src/cmd/svc/milestone/restarter.xml		diff \| blob \| blame \| history
usr/src/cmd/svc/svccfg/svccfg_libscf.c		diff \| blob \| blame \| history
usr/src/cmd/svc/svccfg/svccfg_xml.c		diff \| blob \| blame \| history
usr/src/cmd/truss/print.c		diff \| blob \| blame \| history
usr/src/cmd/truss/print.h		diff \| blob \| blame \| history
usr/src/cmd/truss/systable.c		diff \| blob \| blame \| history
usr/src/cmd/zoneadmd/vplat.c		diff \| blob \| blame \| history
usr/src/cmd/zonecfg/zonecfg.c		diff \| blob \| blame \| history
usr/src/cmd/zonecfg/zonecfg.h		diff \| blob \| blame \| history
usr/src/cmd/zonecfg/zonecfg_grammar.y		diff \| blob \| blame \| history
usr/src/cmd/zonecfg/zonecfg_lex.l		diff \| blob \| blame \| history
usr/src/common/secflags/secflags.c	[new file with mode: 0644]	blob
usr/src/head/libzonecfg.h		diff \| blob \| blame \| history
usr/src/lib/auditd_plugins/syslog/systoken.c		diff \| blob \| blame \| history
usr/src/lib/auditd_plugins/syslog/systoken.h		diff \| blob \| blame \| history
usr/src/lib/brand/ipkg/zone/config.xml		diff \| blob \| blame \| history
usr/src/lib/brand/labeled/zone/config.xml		diff \| blob \| blame \| history
usr/src/lib/brand/sn1/zone/config.xml		diff \| blob \| blame \| history
usr/src/lib/libbsm/adt_record.dtd.1		diff \| blob \| blame \| history
usr/src/lib/libbsm/adt_record.xsl.1		diff \| blob \| blame \| history
usr/src/lib/libbsm/audit_event.txt		diff \| blob \| blame \| history
usr/src/lib/libbsm/auditxml		diff \| blob \| blame \| history
usr/src/lib/libbsm/common/adt.xml		diff \| blob \| blame \| history
usr/src/lib/libc/Makefile.targ		diff \| blob \| blame \| history
usr/src/lib/libc/amd64/Makefile		diff \| blob \| blame \| history
usr/src/lib/libc/common/sys/brk.s		diff \| blob \| blame \| history
usr/src/lib/libc/common/sys/psecflagsset.s	[new file with mode: 0644]	blob
usr/src/lib/libc/i386/Makefile.com		diff \| blob \| blame \| history
usr/src/lib/libc/port/gen/priv_str_xlate.c		diff \| blob \| blame \| history
usr/src/lib/libc/port/gen/psecflags.c	[new file with mode: 0644]	blob
usr/src/lib/libc/port/mapfile-vers		diff \| blob \| blame \| history
usr/src/lib/libc/port/sys/sbrk.c		diff \| blob \| blame \| history
usr/src/lib/libc/req.flg		diff \| blob \| blame \| history
usr/src/lib/libc/sparc/Makefile.com		diff \| blob \| blame \| history
usr/src/lib/libc/sparcv9/Makefile.com		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Pcontrol.c		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Pcontrol.h		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Pcore.c		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Pgcore.c		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Pidle.c		diff \| blob \| blame \| history
usr/src/lib/libproc/common/Putil.c		diff \| blob \| blame \| history
usr/src/lib/libproc/common/libproc.h		diff \| blob \| blame \| history
usr/src/lib/libproc/common/mapfile-vers		diff \| blob \| blame \| history
usr/src/lib/libproc/common/proc_get_info.c		diff \| blob \| blame \| history
usr/src/lib/librestart/common/librestart.c		diff \| blob \| blame \| history
usr/src/lib/librestart/common/librestart.h		diff \| blob \| blame \| history
usr/src/lib/libscf/common/highlevel.c		diff \| blob \| blame \| history
usr/src/lib/libscf/common/mapfile-vers		diff \| blob \| blame \| history
usr/src/lib/libscf/inc/libscf.h		diff \| blob \| blame \| history
usr/src/lib/libscf/inc/libscf_priv.h		diff \| blob \| blame \| history
usr/src/lib/libsecdb/auth_attr.txt		diff \| blob \| blame \| history
usr/src/lib/libsecdb/help/auths/Makefile		diff \| blob \| blame \| history
usr/src/lib/libsecdb/help/auths/SmfValueProcSec.html	[new file with mode: 0644]	blob
usr/src/lib/libzonecfg/common/libzonecfg.c		diff \| blob \| blame \| history
usr/src/lib/libzonecfg/common/mapfile-vers		diff \| blob \| blame \| history
usr/src/lib/libzonecfg/dtd/zonecfg.dtd.1		diff \| blob \| blame \| history
usr/src/man/man1/Makefile		diff \| blob \| blame \| history
usr/src/man/man1/ld.1		diff \| blob \| blame \| history
usr/src/man/man1/psecflags.1	[new file with mode: 0644]	blob
usr/src/man/man1m/zonecfg.1m		diff \| blob \| blame \| history
usr/src/man/man3lib/libproc.3lib		diff \| blob \| blame \| history
usr/src/man/man3proc/Makefile		diff \| blob \| blame \| history
usr/src/man/man3proc/Psecflags.3proc	[new file with mode: 0644]	blob
usr/src/man/man4/core.4		diff \| blob \| blame \| history
usr/src/man/man4/proc.4		diff \| blob \| blame \| history
usr/src/man/man5/Makefile		diff \| blob \| blame \| history
usr/src/man/man5/privileges.5		diff \| blob \| blame \| history
usr/src/man/man5/security-flags.5	[new file with mode: 0644]	blob
usr/src/man/man5/smf_method.5		diff \| blob \| blame \| history
usr/src/pkg/manifests/SUNWcs.man5.inc		diff \| blob \| blame \| history
usr/src/pkg/manifests/SUNWcs.mf		diff \| blob \| blame \| history
usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf		diff \| blob \| blame \| history
usr/src/pkg/manifests/system-extended-system-utilities.mf		diff \| blob \| blame \| history
usr/src/pkg/manifests/system-header.mf		diff \| blob \| blame \| history
usr/src/pkg/manifests/system-library.man3proc.inc		diff \| blob \| blame \| history
usr/src/pkg/manifests/system-test-ostest.mf		diff \| blob \| blame \| history
usr/src/test/os-tests/runfiles/default.run		diff \| blob \| blame \| history
usr/src/test/os-tests/tests/Makefile		diff \| blob \| blame \| history
usr/src/test/os-tests/tests/secflags/Makefile	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/addrs.c	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_aslr.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_core.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_dts.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_elfdump.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_forbidnullmap.sh	[copied from usr/src/test/os-tests/tests/Makefile with 65% similarity]	diff \| blob \| blame \| history
usr/src/test/os-tests/tests/secflags/secflags_limits.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_noexecstack.sh	[copied from usr/src/test/os-tests/tests/Makefile with 65% similarity]	diff \| blob \| blame \| history
usr/src/test/os-tests/tests/secflags/secflags_proc.sh	[copied from usr/src/test/os-tests/runfiles/default.run with 50% similarity]	diff \| blob \| blame \| history
usr/src/test/os-tests/tests/secflags/secflags_psecflags.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_syscall.c	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_truss.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/secflags_zonecfg.sh	[new file with mode: 0644]	blob
usr/src/test/os-tests/tests/secflags/stacky.c	[new file with mode: 0644]	blob
usr/src/uts/common/Makefile.files		diff \| blob \| blame \| history
usr/src/uts/common/Makefile.rules		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit.c		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit.h		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit_event.c		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit_kevents.h		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit_record.h		diff \| blob \| blame \| history
usr/src/uts/common/c2/audit_token.c		diff \| blob \| blame \| history
usr/src/uts/common/exec/elf/elf.c		diff \| blob \| blame \| history
usr/src/uts/common/exec/elf/elf_notes.c		diff \| blob \| blame \| history
usr/src/uts/common/fs/proc/prdata.h		diff \| blob \| blame \| history
usr/src/uts/common/fs/proc/prsubr.c		diff \| blob \| blame \| history
usr/src/uts/common/fs/proc/prvnops.c		diff \| blob \| blame \| history
usr/src/uts/common/os/cred.c		diff \| blob \| blame \| history
usr/src/uts/common/os/exec.c		diff \| blob \| blame \| history
usr/src/uts/common/os/fork.c		diff \| blob \| blame \| history
usr/src/uts/common/os/grow.c		diff \| blob \| blame \| history
usr/src/uts/common/os/mmapobj.c		diff \| blob \| blame \| history
usr/src/uts/common/os/policy.c		diff \| blob \| blame \| history
usr/src/uts/common/os/priv_defs		diff \| blob \| blame \| history
usr/src/uts/common/os/proc.c		diff \| blob \| blame \| history
usr/src/uts/common/os/sysent.c		diff \| blob \| blame \| history
usr/src/uts/common/os/zone.c		diff \| blob \| blame \| history
usr/src/uts/common/sys/Makefile		diff \| blob \| blame \| history
usr/src/uts/common/sys/elf.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/link.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/mman.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/policy.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/proc.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/procfs.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/prsystm.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/secflags.h	[new file with mode: 0644]	blob
usr/src/uts/common/sys/syscall.h		diff \| blob \| blame \| history
usr/src/uts/common/sys/zone.h		diff \| blob \| blame \| history
usr/src/uts/common/syscall/psecflags.c	[new file with mode: 0644]	blob
usr/src/uts/i86pc/os/mlsetup.c		diff \| blob \| blame \| history
usr/src/uts/i86pc/vm/vm_machdep.c		diff \| blob \| blame \| history
usr/src/uts/intel/ia32/ml/modstubs.s		diff \| blob \| blame \| history
usr/src/uts/intel/os/name_to_sysnum		diff \| blob \| blame \| history
usr/src/uts/req.flg		diff \| blob \| blame \| history
usr/src/uts/sparc/ml/modstubs.s		diff \| blob \| blame \| history
usr/src/uts/sparc/os/name_to_sysnum		diff \| blob \| blame \| history
usr/src/uts/sun4/os/mlsetup.c		diff \| blob \| blame \| history
usr/src/uts/sun4/vm/vm_dep.c		diff \| blob \| blame \| history
usr/src/uts/sun4u/vm/mach_vm_dep.c		diff \| blob \| blame \| history
usr/src/uts/sun4v/vm/mach_vm_dep.c		diff \| blob \| blame \| history

Unleashed OS

RSS Atom