author | Richard Lowe <richlowe@richlowe.net> | 2014-04-16 02:39:14 +0100 |
---|---|---|
committer | Richard Lowe <richlowe@richlowe.net> | 2016-10-15 12:02:16 -0400 |
commit | d2a70789f056fc6c9ce3ab047b52126d80b0e3da (patch) | |
tree | bcf5eedbc5aeec80cac59ea37052e3b87108c253 /usr/src/lib/libproc/common/proc_get_info.c | |
parent | 8ab1c3f559468e655c4eb8acce993320403dd72b (diff) | |
download | illumos-joyent-d2a70789f056fc6c9ce3ab047b52126d80b0e3da.tar.gz |
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Diffstat (limited to 'usr/src/lib/libproc/common/proc_get_info.c')
-rw-r--r-- | usr/src/lib/libproc/common/proc_get_info.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/usr/src/lib/libproc/common/proc_get_info.c b/usr/src/lib/libproc/common/proc_get_info.c
index e0817c543f..19a84e060e 100644
--- a/usr/src/lib/libproc/common/proc_get_info.c
+++ b/usr/src/lib/libproc/common/proc_get_info.c
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <string.h>
 #include <limits.h>
+#include <sys/secflags.h>
 #include "Pcontrol.h"
@@ -68,6 +69,27 @@ proc_get_cred(pid_t pid, prcred_t *credp, int ngroups)
 return (rv);
 }
+int
+proc_get_secflags(pid_t pid, prsecflags_t **psf)
+{
+ char fname[PATH_MAX];
+ int fd;
+ int rv = -1;
+
+ if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
+ return (-1);
+
+ (void) snprintf(fname, sizeof (fname), "%s/%d/secflags",
+ procfs_path, (int)pid);
+ if ((fd = open(fname, O_RDONLY)) >= 0) {
+ if (read(fd, *psf, sizeof (prsecflags_t)) ==
+ sizeof (prsecflags_t))
+ rv = 0;
+ (void) close(fd);
+ }
+ return (rv);
+}
+
 void
 proc_free_priv(prpriv_t *prv)
 {
 |
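Review bot: proc_get_secflags() leaves `*psf` pointing at the calloc'd, all-zero prsecflags_t on every failure path after the allocation (open() fails, or read() returns short). A caller that only checks the return value leaks the buffer, and one that ignores it reads a zeroed structure that looks the same as a process with no security flags set. Release and clear it before returning, with `if (rv != 0) { free(*psf); *psf = NULL; }` ahead of `return (rv);`. The function also has no comment stating ownership; something like `/* On success *psf is heap-allocated and owned by the caller; on failure *psf is NULL. */` above it would make the contract explicit. Whether `<stdlib.h>` is already included for calloc() cannot be seen from the hunks shown here.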