Feature #7029
want per-process exploit mitigation features (secflags)

Added by Rich Lowe over 7 years ago. Updated almost 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2016-06-02
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
External Bug:

Description

A means to implement and control exploit-mitigation features is desirable on a per-process basis (as some of these features have negative impacts on legacy software).

There are 4 sets of flags per-process:

- Effective (E) - those flags currently in effect, immutable for the lifetime of an executable image
- Inheritable (I) - those flags which will come into effect the next time one of the exec() family of functions is successfully called
- Lower (L) - the lower bound for the effective/inheritable set. All flags in this set must be in those
- Upper (U) - the upper bound for the effective/inheritable set. No flag not in this must be in those

A new basic privilege, PRIV_PROC_SECFLAGS is introduced. A process with this privilege may change the security flags of any process to which it could send a signal.

Defaults for the security flag groups are specified as properties on svc:/system/process-security, which we introduce. The set of flags to use for the effective set of any other service may be set in its method context. A new zones resource is introduced to allow the configuration of all 4 sets for a given zone.
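
The description above fixes the relationship between the four sets: L is a subset of E and of I, both of which are subsets of U, and E only changes at exec. The C below is a stand-alone model of that rule added for this page; it is not the kernel code from the commit referenced further down. The flag names (taken from the related tickets 7030-7032), the struct layout, and the assumption that the inheritable set itself survives exec are this example's own. On illumos the real interfaces for querying and changing these sets are psecflags(1) and psecflags(2).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-alone model of the four per-process security flag sets described
 * in the ticket. Flag names follow the related tickets (7030-7032) but are
 * this example's own constants, not necessarily the kernel's identifiers.
 */
#define SF_ASLR          (1u << 0)   /* #7030 */
#define SF_NOEXECSTACK   (1u << 1)   /* #7031 */
#define SF_FORBIDNULLMAP (1u << 2)   /* #7032 */
#define SF_ALL           (SF_ASLR | SF_NOEXECSTACK | SF_FORBIDNULLMAP)

typedef uint32_t secflags_t;

struct proc_secflags {
	secflags_t effect;	/* E: in force now, fixed until the next exec */
	secflags_t inherit;	/* I: becomes E at the next successful exec */
	secflags_t lower;	/* L: every flag here must be in E and I */
	secflags_t upper;	/* U: no flag outside here may be in E or I */
};

/* Subset test: is every bit of a also set in b? */
static bool
sf_subset(secflags_t a, secflags_t b)
{
	return ((a & ~b) == 0);
}

/* The invariant the description states: L within E within U, L within I within U. */
bool
secflags_consistent(const struct proc_secflags *p)
{
	return (sf_subset(p->lower, p->upper) &&
	    sf_subset(p->lower, p->effect) && sf_subset(p->effect, p->upper) &&
	    sf_subset(p->lower, p->inherit) && sf_subset(p->inherit, p->upper));
}

/*
 * Replace the inheritable set. Refused, leaving the state untouched, when
 * the request would drop a lower-bound flag or add one outside the upper
 * bound. E is deliberately not touched: it is immutable until exec.
 * Whether the caller holds PRIV_PROC_SECFLAGS and may signal the target is
 * an access check outside this model.
 */
bool
secflags_set_inherit(struct proc_secflags *p, secflags_t want)
{
	if (!sf_subset(p->lower, want))		/* removes a mandatory flag */
		return (false);
	if (!sf_subset(want, p->upper))		/* exceeds the upper bound */
		return (false);
	p->inherit = want;
	return (true);
}

/*
 * Successful exec: I becomes the new E. That I itself survives exec
 * unchanged is this model's assumption; the ticket does not say.
 */
void
secflags_exec(struct proc_secflags *p)
{
	p->effect = p->inherit;
}

int
main(void)
{
	/* Constructed sample: a service whose lower bound pins ASLR on. */
	struct proc_secflags p = {
		.effect = SF_ALL, .inherit = SF_ALL,
		.lower = SF_ASLR, .upper = SF_ALL
	};

	/* A legacy program asks to run without ASLR: refused by L. */
	printf("drop aslr:        %s\n",
	    secflags_set_inherit(&p, SF_NOEXECSTACK | SF_FORBIDNULLMAP) ?
	    "allowed" : "refused");
	/* Dropping only the non-executable stack is allowed, but E is unchanged... */
	printf("drop noexecstack: %s (E still 0x%x)\n",
	    secflags_set_inherit(&p, SF_ASLR | SF_FORBIDNULLMAP) ?
	    "allowed" : "refused", p.effect);
	/* ...until exec. */
	secflags_exec(&p);
	printf("after exec:       E=0x%x consistent=%d\n", p.effect,
	    secflags_consistent(&p));
	return (0);
}
```

The point the model makes explicit is the one the ticket relies on for legacy software: an administrator can relax the inheritable set for a program that cannot cope with a mitigation, but only down to the lower bound the zone or service configuration set, and the change is invisible to the running image until it execs.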


Related issues

Related to illumos gate - Feature #7030: want basic address space layout randomization (ASLR) (Closed, Rich Lowe, 2016-06-02)
Related to illumos gate - Feature #7031: noexec_user_stack should be a security-flag (Closed, Rich Lowe, 2016-06-02)
Related to illumos gate - Feature #7032: want a means to forbid mappings around NULL (Closed, Rich Lowe, 2016-06-02)

#1

Updated by Electric Monk almost 7 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 70 to 100

commit  d2a70789f056fc6c9ce3ab047b52126d80b0e3da
Author: Richard Lowe <richlowe@richlowe.net>
Date:   2016-10-15T16:02:16.000Z

    7029 want per-process exploit mitigation features (secflags)
    7030 want basic address space layout randomization (ASLR)
    7031 noexec_user_stack should be a security-flag
    7032 want a means to forbid mappings around NULL
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
    Reviewed by: Patrick Mooney <pmooney@joyent.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

#2

Updated by Joshua M. Clulow over 4 years ago

  • Related to Feature #7030: want basic address space layout randomization (ASLR) added

#3

Updated by Joshua M. Clulow over 4 years ago

  • Related to Feature #7031: noexec_user_stack should be a security-flag added

#4

Updated by Joshua M. Clulow over 4 years ago

  • Related to Feature #7032: want a means to forbid mappings around NULL added