want per-process exploit mitigation features (secflags)
A means to implement and control exploit-mitigation features is desirable on a per-process basis (as some of these features have negative impacts on legacy software).
There are 4 sets of flags per-process:
- Effective (E) - those flags currently in effect, immutable for the lifetime of an executable image
- Inheritable (I) - those flags which will come into effect the next time one of the exec() family of functions is successfully called
- Lower (L) - the lower bound for the effective/inheritable set. All flags in this set must be in those
- Upper (U) - the upper bound for the effective/inheritable set. No flag not in this must be in those
A new basic privilege, PRIV_PROC_SECFLAGS is introduced. A process with this privilege may change the security flags of any process to which it could send a signal.
Defaults for the security flag groups are specified as properties on svc:/system/process-security, which we introduce. The set of flags to use for the effective set of any other service may be set in its method context. A new zones resource is introduced to allow the configuration of all 4 sets for a given zone.
Updated by Electric Monk almost 6 years ago
- Status changed from In Progress to Closed
- % Done changed from 70 to 100
commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da Author: Richard Lowe <firstname.lastname@example.org> Date: 2016-10-15T16:02:16.000Z 7029 want per-process exploit mitigation features (secflags) 7030 want basic address space layout randomization (ASLR) 7031 noexec_user_stack should be a security-flag 7032 want a means to forbid mappings around NULL Reviewed by: Robert Mustacchi <email@example.com> Reviewed by: Josef 'Jeff' Sipek <firstname.lastname@example.org> Reviewed by: Patrick Mooney <email@example.com> Approved by: Dan McDonald <firstname.lastname@example.org>