From owner-freebsd-bugs@FreeBSD.ORG Mon Feb 3 01:01:43 2014 Return-Path: Delivered-To: freebsd-bugs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3E18D1E0 for ; Mon, 3 Feb 2014 01:01:43 +0000 (UTC) Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com [IPv6:2607:f8b0:4003:c01::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 06A7D1861 for ; Mon, 3 Feb 2014 01:01:42 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id wm4so7339683obc.27 for ; Sun, 02 Feb 2014 17:01:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XXHq6d7j7wNaNFe39p4lnR3YGNMEPuxV8Dz12pJLQnQ=; b=lXDX3ffS0KbrDlYo7AtvUaVsbuB7RDK1mz7/UFv8ktGosfH/mnffpxgBPNdYbZapgZ ZFUP+Ze3lmrjGZlHhq71mAxpFRGGeSNJeLVSHlC6NlCtDCmLLZ9jwh+NWCzdVuLOjJ36 DuYGyOh5FJuOjzWGUEevyhYVy8VL8ny2p40x0lEurFBc59BX6MTIU52g5fGgzZzloqIt lpe4/9IGZQVOVZ9+9iPZlvNP45/ybwJOjNbieDMjHeB+cLPlHU7rRWtyhgRUoGIrSRks yOy/I1RIkwkV0Y3lgxfxW+b6RzP2JekBOieya7Wzoa1F9RladMSMqa5qDBnXj4+PrIAC kUGQ== MIME-Version: 1.0 X-Received: by 10.182.158.71 with SMTP id ws7mr28082943obb.6.1391389301642; Sun, 02 Feb 2014 17:01:41 -0800 (PST) Received: by 10.182.80.7 with HTTP; Sun, 2 Feb 2014 17:01:41 -0800 (PST) In-Reply-To: <201402030040.s130e0iB062296@freefall.freebsd.org> References: <201402030040.s130e0iB062296@freefall.freebsd.org> Date: Mon, 3 Feb 2014 02:01:41 +0100 Message-ID: Subject: Re: kern/181497: [kernel] [patch] Add ASLR feature to kernel From: Oliver Pinter To: Shawn Webb Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-bugs@freebsd.org X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Feb 2014 01:01:43 -0000 Minor correction, Elad Efrat has ported PaX's ASLR to NetBSD. The main difference is NetBSD's implementation have segvguard and pic. On 2/3/14, Shawn Webb wrote: > The following reply was made to PR kern/181497; it has been noted by GNATS. > > From: Shawn Webb > To: bug-followup@FreeBSD.org, > steven@roothosts.com > Cc: > Subject: Re: kern/181497: [kernel] [patch] Add ASLR feature to kernel > Date: Sun, 2 Feb 2014 19:34:40 -0500 > > --Apple-Mail=_B6453ACB-0EC9-4C80-B575-87E00F273BCF > Content-Transfer-Encoding: quoted-printable > Content-Type: text/plain; > charset=us-ascii > > Over the past few months, I've had the pleasure of enhancing Oliver's = > original patch. I've added support for randomizing the address of the = > RTLD and changing the behavior of ASLR to be set on a per-jail basis. = > This means that if a user requires an application that doesn't support = > ASLR (crashes, exhibits bugs, etc.), then the affected application can = > simply be placed in a jail with ASLR turned off. The rest of the system = > and the rest of the jails would still have ASLR turned on. > > Oliver had ported over PaX's ASLR to NetBSD a few years back, and these = > patches brings FreeBSD feature-for-feature complete with NetBSD's ASLR = > implementation. What's lacking, along with NetBSD's implementation, is = > exec base randomization. This needs to be done on a per-binary basis, = > for binaries compiled with -fPIE. Additionally, we might want to = > specifically mark executables with an ELF note, specifying that it's = > safe to relocate the exec base. > > One known bug is that applications compiled with clang with -fPIC -fPIE = > -static combined could segfault. I can provide a sample binary (with = > sample code) if needed for a simple five-line test application. > > I will continue to research exec base randomization, but this task might = > be a bit over my head skill-wise. > > Attached is the patch against 11-current as of 02 Feb 2014. If I make = > more progress on exec base randomization, you can follow my GitHub repo = > at https://github.com/lattera/freebsd, branch soldierx/lattera/aslr. > > Thanks, > > Shawn Webb > > > --Apple-Mail=_B6453ACB-0EC9-4C80-B575-87E00F273BCF > Content-Disposition: attachment; > filename=fbsd_aslr_11-current-2014-02-02.patch.txt > Content-Type: text/plain; > name="fbsd_aslr_11-current-2014-02-02.patch.txt" > Content-Transfer-Encoding: quoted-printable > > diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c > index f6da68e..3f9487c 100644 > --- a/sys/kern/imgact_elf.c > +++ b/sys/kern/imgact_elf.c > @@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$"); > #include "opt_capsicum.h" > #include "opt_compat.h" > #include "opt_core.h" > +#include "opt_pax.h" > =20 > #include > #include > @@ -47,7 +48,9 @@ __FBSDID("$FreeBSD$"); > #include > #include > #include > +#include > #include > +#include > #include > #include > #include > @@ -600,6 +603,7 @@ __elfN(load_file)(struct proc *p, const char *file, = > u_long *addr, > u_long rbase; > u_long base_addr =3D 0; > int error, i, numsegs; > + struct prison *pr; /* For ASLR */ > =20 > #ifdef CAPABILITY_MODE > /* > @@ -664,6 +668,13 @@ __elfN(load_file)(struct proc *p, const char *file, = > u_long *addr, > goto fail; > } > =20 > +#ifdef PAX_ASLR > + pr =3D pax_aslr_get_prison(NULL, imgp->proc); > + if (pax_aslr_active(NULL, imgp->proc)) { > + rbase +=3D round_page(PAX_ASLR_DELTA(arc4random(), = > PAX_ASLR_DELTA_EXEC_LSB, pr->pr_pax_aslr_exec_len)); > + } > +#endif > + > /* Only support headers that fit within first page for now = > */ > if ((hdr->e_phoff > PAGE_SIZE) || > (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - = > hdr->e_phoff) { > diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c > index 9f4ceac..099ff0a 100644 > --- a/sys/kern/kern_exec.c > +++ b/sys/kern/kern_exec.c > @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); > #include "opt_capsicum.h" > #include "opt_hwpmc_hooks.h" > #include "opt_ktrace.h" > +#include "opt_pax.h" > #include "opt_vm.h" > =20 > #include > @@ -94,6 +95,10 @@ __FBSDID("$FreeBSD$"); > dtrace_execexit_func_t dtrace_fasttrap_exec; > #endif > =20 > +#ifdef PAX_ASLR > +#include > +#endif /* PAX_ASLR */ > + > SDT_PROVIDER_DECLARE(proc); > SDT_PROBE_DEFINE1(proc, kernel, , exec, "char *"); > SDT_PROBE_DEFINE1(proc, kernel, , exec__failure, "int"); > @@ -1055,6 +1060,10 @@ exec_new_vmspace(imgp, sv) > map =3D &vmspace->vm_map; > } > =20 > +#ifdef PAX_ASLR > + pax_aslr_init(curthread, imgp); > +#endif /* PAX_ASLR */ > + > /* Map a shared page */ > obj =3D sv->sv_shared_page_obj; > if (obj !=3D NULL) { > @@ -1232,12 +1241,16 @@ exec_copyout_strings(imgp) > int argc, envc; > char **vectp; > char *stringp, *destp; > +#ifdef PAX_ASLR > + char *orig_destp; > +#endif /* PAX_ASLR */ > register_t *stack_base; > struct ps_strings *arginfo; > struct proc *p; > size_t execpath_len; > int szsigcode, szps; > char canary[sizeof(long) * 8]; > + unsigned int sgap; > =20 > szps =3D sizeof(pagesizes[0]) * MAXPAGESIZES; > /* > @@ -1255,11 +1268,16 @@ exec_copyout_strings(imgp) > if (p->p_sysent->sv_szsigcode !=3D NULL) > szsigcode =3D *(p->p_sysent->sv_szsigcode); > } > - destp =3D (caddr_t)arginfo - szsigcode - SPARE_USRSPACE - > + sgap=3D(unsigned int)(ALIGN(arc4random()&((64*1024)-1))); > + destp =3D (caddr_t)arginfo - szsigcode - SPARE_USRSPACE - = > sgap - > roundup(execpath_len, sizeof(char *)) - > roundup(sizeof(canary), sizeof(char *)) - > roundup(szps, sizeof(char *)) - > roundup((ARG_MAX - imgp->args->stringspace), sizeof(char = > *)); > +#ifdef PAX_ASLR > + orig_destp =3D destp; > + pax_aslr_stack(curthread, &destp, orig_destp); > +#endif /* PAX_ASLR */ > =20 > /* > * install sigcode > diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c > index 700b7d6..af97118 100644 > --- a/sys/kern/kern_jail.c > +++ b/sys/kern/kern_jail.c > @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); > #include "opt_ddb.h" > #include "opt_inet.h" > #include "opt_inet6.h" > +#include "opt_pax.h" > =20 > #include > #include > @@ -60,6 +61,7 @@ __FBSDID("$FreeBSD$"); > #include > #include > #include > +#include > =20 > #include > #include > @@ -114,6 +116,20 @@ struct prison prison0 =3D { > .pr_flags =3D PR_HOST|_PR_IP_SADDRSEL, > #endif > .pr_allow =3D PR_ALLOW_ALL, > +#ifdef PAX_ASLR > + .pr_pax_set =3D 0, > + .pr_pax_aslr_status =3D 0, > + .pr_pax_aslr_debug =3D 0, > + .pr_pax_aslr_mmap_len =3D PAX_ASLR_DELTA_MMAP_MIN_LEN, > + .pr_pax_aslr_stack_len =3D PAX_ASLR_DELTA_STACK_MIN_LEN, > + .pr_pax_aslr_exec_len =3D PAX_ASLR_DELTA_EXEC_MIN_LEN, > +#ifdef COMPAT_FREEBSD32 > + .pr_pax_aslr_compat_status =3D 0, > + .pr_pax_aslr_compat_mmap_len =3D = > PAX_ASLR_COMPAT_DELTA_MMAP_MIN_LEN, > + .pr_pax_aslr_compat_stack_len =3D = > PAX_ASLR_COMPAT_DELTA_STACK_MIN_LEN, > + .pr_pax_aslr_compat_exec_len =3D = > PAX_ASLR_COMPAT_DELTA_EXEC_MIN_LEN, > +#endif /* COMPAT_FREEBSD32 */ > +#endif /* PAX_ASLR */ > }; > MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); > =20 > diff --git a/sys/kern/kern_pax.c b/sys/kern/kern_pax.c > new file mode 100644 > index 0000000..9182606 > --- /dev/null > +++ b/sys/kern/kern_pax.c > @@ -0,0 +1,589 @@ > +/*- > + * Copyright (c) 2013, by Oliver Pinter > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. The name of the developer may NOT be used to endorse or promote = > products > + * derived from this software without specific prior written = > permission. > + * > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' = > AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, = > THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR = > PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE = > LIABLE > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR = > CONSEQUENTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE = > GOODS > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS = > INTERRUPTION) > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, = > STRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN = > ANY WAY > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY = > OF > + * SUCH DAMAGE. > + * > + * $FreeBSD$ > + * > + * Enhancements made by Shawn "lattera" Webb under the direction of = > SoldierX. > + */ > + > +#include > +__FBSDID("$FreeBSD$"); > + > +#include "opt_pax.h" > +#include "opt_compat.h" > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > + > +#include > +#include > + > +static int sysctl_pax_aslr_status(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_mmap(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_stack(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_exec(SYSCTL_HANDLER_ARGS); > + > +/* > + * sysctls and tunables > + */ > +int pax_aslr_status =3D PAX_ASLR_ENABLED; > +int pax_aslr_debug =3D 0; > + > +#ifdef PAX_ASLR_MAX_SEC > +int pax_aslr_mmap_len =3D PAX_ASLR_DELTA_MMAP_MAX_LEN; > +int pax_aslr_stack_len =3D PAX_ASLR_DELTA_STACK_MAX_LEN; > +int pax_aslr_exec_len =3D PAX_ASLR_DELTA_EXEC_MAX_LEN; > +#else > +int pax_aslr_mmap_len =3D PAX_ASLR_DELTA_MMAP_MIN_LEN; > +int pax_aslr_stack_len =3D PAX_ASLR_DELTA_STACK_MIN_LEN; > +int pax_aslr_exec_len =3D PAX_ASLR_DELTA_EXEC_MIN_LEN; > +#endif /* PAX_ASLR_MAX_SEC */ > + > + > +SYSCTL_NODE(_security, OID_AUTO, pax, CTLFLAG_RD, 0, > + "PaX (exploit mitigation) features."); > +SYSCTL_NODE(_security_pax, OID_AUTO, aslr, CTLFLAG_RD, 0, > + "Address Space Layout Randomization."); > + > +SYSCTL_PROC(_security_pax_aslr, OID_AUTO, status, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_status, "I", > + "Restrictions status. " > + "0 - disabled, " > + "1 - enabled, " > + "2 - global enabled, " > + "3 - force global enabled"); > +TUNABLE_INT("security.pax.aslr.status", &pax_aslr_status); > + > +SYSCTL_INT(_security_pax_aslr, OID_AUTO, debug, = > CTLFLAG_RWTUN|CTLFLAG_PRISON, &pax_aslr_debug, 0, "ASLR debug mode"); > +TUNABLE_INT("security.pax.aslr.debug", &pax_aslr_debug); > + > +SYSCTL_PROC(_security_pax_aslr, OID_AUTO, mmap_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_mmap, "I", > + "Number of bits randomized for mmap(2) calls. " > + "32 bit: [8,16] 64 bit: [16,32]"); > +TUNABLE_INT("security.pax.aslr.mmap", &pax_aslr_mmap_len); > + > +SYSCTL_PROC(_security_pax_aslr, OID_AUTO, stack_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_stack, "I", > + "Number of bits randomized for the stack. " > + "32 bit: [6,12] 64 bit: [12,21]"); > +TUNABLE_INT("security.pax.aslr.stack", &pax_aslr_stack_len); > + > +SYSCTL_PROC(_security_pax_aslr, OID_AUTO, exec_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_exec, "I", > + "Number of bits randomized for the PIE exec base. " > + "32 bit: [6,12] 64 bit: [12,21]"); > +TUNABLE_INT("security.pax.aslr.stack", &pax_aslr_exec_len); > + > +static int > +sysctl_pax_aslr_status(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D (pr !=3D NULL) ? pr->pr_pax_aslr_status : pax_aslr_status; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + switch (val) { > + case PAX_ASLR_DISABLED: > + case PAX_ASLR_ENABLED: > + case PAX_ASLR_GLOBAL_ENABLED: > + case PAX_ASLR_FORCE_GLOBAL_ENABLED: > + pax_aslr_status =3D val; > + if (pr) > + pr->pr_pax_aslr_status =3D val; > + break; > + default: > + return (EINVAL); > + } > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_mmap(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D (pr !=3D NULL) ? pr->pr_pax_aslr_mmap_len : = > pax_aslr_mmap_len; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_DELTA_MMAP_MIN_LEN > + || val > PAX_ASLR_DELTA_MMAP_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_mmap_len =3D val; > + if (pr) > + pr->pr_pax_aslr_mmap_len =3D val; > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_stack(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D (pr !=3D NULL) ? pr->pr_pax_aslr_stack_len : = > pax_aslr_stack_len; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_DELTA_STACK_MIN_LEN > + || val > PAX_ASLR_DELTA_STACK_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_stack_len =3D val; > + if (pr) > + pr->pr_pax_aslr_stack_len =3D val; > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_exec(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D (pr !=3D NULL) ? pr->pr_pax_aslr_exec_len : = > pax_aslr_exec_len; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_DELTA_EXEC_MIN_LEN > + || val > PAX_ASLR_DELTA_EXEC_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_exec_len =3D val; > + if (pr) > + pr->pr_pax_aslr_exec_len =3D val; > + > + return (0); > +} > + > +/* > + * COMPAT_FREEBSD32 and linuxulator.. > + */ > +#ifdef COMPAT_FREEBSD32 > +int pax_aslr_compat_status =3D PAX_ASLR_ENABLED; > + > +static int sysctl_pax_aslr_compat_status(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_compat_mmap(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_compat_stack(SYSCTL_HANDLER_ARGS); > +static int sysctl_pax_aslr_compat_exec(SYSCTL_HANDLER_ARGS); > + > +#ifdef PAX_ASLR_MAX_SEC > +int pax_aslr_compat_mmap_len =3D PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN; > +int pax_aslr_compat_stack_len =3D PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN; > +int pax_aslr_compat_exec_len =3D PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN; > +#else > +int pax_aslr_compat_mmap_len =3D PAX_ASLR_COMPAT_DELTA_MMAP_MIN_LEN; > +int pax_aslr_compat_stack_len =3D PAX_ASLR_COMPAT_DELTA_STACK_MIN_LEN; > +int pax_aslr_compat_exec_len =3D PAX_ASLR_COMPAT_DELTA_EXEC_MIN_LEN; > +#endif /* PAX_ASLR_MAX_SEC */ > + > +SYSCTL_NODE(_security_pax_aslr, OID_AUTO, compat, CTLFLAG_RD, 0, > + "Setting for COMPAT_FREEBSD32 and linuxulator."); > + > +SYSCTL_PROC(_security_pax_aslr_compat, OID_AUTO, status, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_compat_status, "I", > + "Restrictions status. " > + "0 - disabled, " > + "1 - enabled, " > + "2 - global enabled, " > + "3 - force global enabled"); > +TUNABLE_INT("security.pax.aslr.compat.status", = > &pax_aslr_compat_status); > + > +SYSCTL_PROC(_security_pax_aslr_compat, OID_AUTO, mmap_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_compat_mmap, "I", > + "Number of bits randomized for mmap(2) calls. " > + "32 bit: [8,16]"); > +TUNABLE_INT("security.pax.aslr.compat.mmap", = > &pax_aslr_compat_mmap_len); > + > +SYSCTL_PROC(_security_pax_aslr_compat, OID_AUTO, stack_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_compat_stack, "I", > + "Number of bits randomized for the stack. " > + "32 bit: [6,12]"); > +TUNABLE_INT("security.pax.aslr.compat.stack", = > &pax_aslr_compat_stack_len); > + > +SYSCTL_PROC(_security_pax_aslr_compat, OID_AUTO, exec_len, > + CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_TUN|CTLFLAG_PRISON, > + NULL, 0, sysctl_pax_aslr_compat_exec, "I", > + "Number of bits randomized for the PIE exec base. " > + "32 bit: [6,12]"); > +TUNABLE_INT("security.pax.aslr.compat.stack", = > &pax_aslr_compat_exec_len); > + > + > +static int > +sysctl_pax_aslr_compat_status(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val, *ptr; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + ptr =3D (pr !=3D NULL) ? &(pr->pr_pax_aslr_compat_status) : = > &pax_aslr_compat_status; > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D *ptr; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + switch (val) { > + case PAX_ASLR_DISABLED: > + case PAX_ASLR_ENABLED: > + case PAX_ASLR_GLOBAL_ENABLED: > + case PAX_ASLR_FORCE_GLOBAL_ENABLED: > + pax_aslr_compat_status =3D val; > + *ptr =3D val; > + break; > + default: > + return (EINVAL); > + } > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_compat_mmap(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val, *ptr; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + ptr =3D (pr !=3D NULL) ? &(pr->pr_pax_aslr_compat_mmap_len) : = > &pax_aslr_compat_mmap_len; > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D *ptr; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_COMPAT_DELTA_MMAP_MIN_LEN > + || val > PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_compat_mmap_len =3D val; > + *ptr =3D val; > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_compat_stack(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val, *ptr; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + ptr =3D (pr !=3D NULL) ? &(pr->pr_pax_aslr_compat_stack_len) : = > &pax_aslr_compat_stack_len; > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D (pr !=3D NULL) ? pr->pr_pax_aslr_compat_stack_len : = > pax_aslr_compat_stack_len; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_COMPAT_DELTA_STACK_MIN_LEN > + || val > PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_compat_stack_len =3D val; > + *ptr =3D val; > + > + return (0); > +} > + > +static int > +sysctl_pax_aslr_compat_exec(SYSCTL_HANDLER_ARGS) > +{ > + int err; > + int val, *ptr; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(req->td, NULL); > + ptr =3D (pr !=3D NULL) ? &(pr->pr_pax_aslr_compat_exec_len) : = > &pax_aslr_compat_exec_len; > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + val =3D *ptr; > + err =3D sysctl_handle_int(oidp, &val, sizeof(int), req); > + if (err || !req->newptr) > + return (err); > + > + if (val < PAX_ASLR_COMPAT_DELTA_EXEC_MIN_LEN > + || val > PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN) > + return (EINVAL); > + > + pax_aslr_compat_exec_len =3D val; > + *ptr =3D val; > + > + return (0); > +} > +#endif /* COMPAT_FREEBSD32 */ > + > + > +/* > + * ASLR functions > + */ > +bool > +pax_aslr_active(struct thread *td, struct proc *proc) > +{ > + int status; > + struct prison *pr=3DNULL; > +#ifdef notyet > + uint32_t flags; > +#endif /* notyet */ > + > + if (!(td) && !(proc)) > + return (true); > + > +#ifdef notyet > + flags =3D (td !=3D NULL) ? td->td_proc->p_pax : proc->p_pax; > +#endif /* notyet */ > + pr =3D pax_aslr_get_prison(td, proc); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + status =3D (pr !=3D NULL) ? pr->pr_pax_aslr_status : = > pax_aslr_status; > + > + switch (status) { > + case PAX_ASLR_DISABLED: > + return (false); > + case PAX_ASLR_FORCE_GLOBAL_ENABLED: > + return (true); > + case PAX_ASLR_ENABLED: > +#ifdef notyet > + if ((flags & ELF_NOTE_PAX_ASLR) =3D=3D 0) > + return (false); > +#endif /* notyet */ > + break; > + case PAX_ASLR_GLOBAL_ENABLED: > +#ifdef notyet > + if ((flags & ELF_NOTE_PAX_NOASLR) !=3D 0) > + return (false); > +#endif /* notyet */ > + break; > + default: > + return (true); > + } > + > + return (true); > +} > + > +struct prison * > +pax_aslr_get_prison(struct thread *td, struct proc *proc) > +{ > + if ((td)) { > + if ((td->td_proc) && (td->td_proc->p_ucred)) > + return td->td_proc->p_ucred->cr_prison; > + > + return NULL; > + } > + > + if (!(proc)) > + return NULL; > + > + return proc->p_ucred->cr_prison; > +} > + > +void > +pax_aslr_init_prison(struct prison *pr) > +{ > + if (!(pr)) > + return; > + > + if (pr->pr_pax_set) > + return; > + > + if (pax_aslr_debug) > + uprintf("[PaX ASLR] pax_aslr_init_prison: Setting prison %s = > ASLR variables\n", pr->pr_name); > + > + pr->pr_pax_aslr_status =3D pax_aslr_status; > + pr->pr_pax_aslr_debug =3D pax_aslr_debug; > + pr->pr_pax_aslr_mmap_len =3D pax_aslr_mmap_len; > + pr->pr_pax_aslr_stack_len =3D pax_aslr_stack_len; > + pr->pr_pax_aslr_exec_len =3D pax_aslr_exec_len; > + > +#ifdef COMPAT_FREEBSD32 > + pr->pr_pax_aslr_compat_status =3D pax_aslr_compat_status; > + pr->pr_pax_aslr_compat_mmap_len =3D pax_aslr_compat_mmap_len; > + pr->pr_pax_aslr_compat_stack_len =3D pax_aslr_compat_stack_len; > + pr->pr_pax_aslr_compat_exec_len =3D pax_aslr_compat_exec_len; > +#endif /* COMPAT_FREEBSD32 */ > + > + pr->pr_pax_set =3D 1; > +} > + > +void > +pax_aslr_init(struct thread *td, struct image_params *imgp) > +{ > + struct vmspace *vm; > + u_int sv_flags; > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(td, NULL); > + > + if ((pr) && !(pr->pr_pax_set)) > + pax_aslr_init_prison(pr); > + > + if (imgp =3D=3D NULL) { > + panic("[PaX ASLR] pax_aslr_init - imgp =3D=3D NULL"); > + } > + > + if (!pax_aslr_active(td, NULL)) > + return; > + > + vm =3D imgp->proc->p_vmspace; > + sv_flags =3D imgp->proc->p_sysent->sv_flags; > + > +#ifndef COMPAT_FREEBSD32 > + vm->vm_aslr_delta_mmap =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_DELTA_MMAP_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_mmap_len : pax_aslr_mmap_len); > + vm->vm_aslr_delta_stack =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_DELTA_STACK_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_stack_len : pax_aslr_stack_len); > + vm->vm_aslr_delta_stack =3D ALIGN(vm->vm_aslr_delta_stack); > + vm->vm_aslr_delta_exec =3D round_page(PAX_ASLR_DELTA(arc4random(), = > PAX_ASLR_DELTA_EXEC_LSB, (pr !=3D NULL) ? pr->pr_pax_aslr_exec_len : = > pax_aslr_exec_len)); > +#else /* COMPAT_FREEBSD32 */ > + if ((sv_flags & SV_LP64) !=3D 0) { > + vm->vm_aslr_delta_mmap =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_DELTA_MMAP_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_mmap_len : pax_aslr_mmap_len); > + vm->vm_aslr_delta_stack =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_DELTA_STACK_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_stack_len : pax_aslr_stack_len); > + vm->vm_aslr_delta_stack =3D ALIGN(vm->vm_aslr_delta_stack); > + } else { > + vm->vm_aslr_delta_mmap =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_COMPAT_DELTA_MMAP_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_compat_mmap_len : pax_aslr_compat_mmap_len); > + vm->vm_aslr_delta_stack =3D PAX_ASLR_DELTA(arc4random(), > + PAX_ASLR_COMPAT_DELTA_STACK_LSB, (pr !=3D NULL) ? = > pr->pr_pax_aslr_compat_stack_len : pax_aslr_compat_stack_len); > + vm->vm_aslr_delta_stack =3D ALIGN(vm->vm_aslr_delta_stack); > + } > +#endif /* !COMPAT_FREEBSD32 */ > +} > + > +void > +pax_aslr_mmap(struct thread *td, vm_offset_t *addr, vm_offset_t = > orig_addr, int flags) > +{ > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(td, NULL); > + > + if (!pax_aslr_active(td, NULL)) > + return; > + > + if (!(flags & MAP_FIXED) && ((orig_addr =3D=3D 0) || !(flags & = > MAP_ANON))) { > + if (pax_aslr_debug) > + uprintf("[PaX ASLR] applying to %p orig_addr=3D%p f=3D%x\n", > + (void *)*addr, (void *)orig_addr, flags); > + if (!(td->td_proc->p_vmspace->vm_map.flags & = > MAP_ENTRY_GROWS_DOWN)) > + *addr +=3D td->td_proc->p_vmspace->vm_aslr_delta_mmap; > + else > + *addr -=3D td->td_proc->p_vmspace->vm_aslr_delta_mmap; > + if (pax_aslr_debug) > + uprintf("[PaX ASLR] result %p\n", (void *)*addr); > + } > + else if (pax_aslr_debug) > + uprintf("[PaX ASLR] not applying to %p orig_addr=3D%p f=3D%x\n", > + (void *)*addr, (void *)orig_addr, flags); > +} > + > +void > +pax_aslr_stack(struct thread *td, char **addr, char *orig_addr) > +{ > + struct prison *pr=3DNULL; > + > + pr =3D pax_aslr_get_prison(td, NULL); > + > + if (!pax_aslr_active(td, NULL)) > + return; > + > + *addr -=3D td->td_proc->p_vmspace->vm_aslr_delta_stack; > + if ((pr) && pr->pr_pax_aslr_debug) > + uprintf("[PaX ASLR] orig_addr=3D%p, addr=3D%p\n", > + (void *)orig_addr, (void *)*addr); > +} > diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c > index f99e053..e575aa7 100644 > --- a/sys/kern/kern_prot.c > +++ b/sys/kern/kern_prot.c > @@ -1612,9 +1612,42 @@ p_cansched(struct thread *td, struct proc *p) > * XXX: data declarations should be together near the beginning of the = > file. > */ > static int unprivileged_proc_debug =3D 1; > +#if 0 > SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_proc_debug, = > CTLFLAG_RW, > &unprivileged_proc_debug, 0, > "Unprivileged processes may use process debugging facilities"); > +#endif > + > +int > +sysctl_unprivileged_proc_debug(SYSCTL_HANDLER_ARGS); > + > +SYSCTL_PROC(_security_bsd, OID_AUTO, unprivileged_proc_debug, > + CTLTYPE_INT | CTLFLAG_RW, &unprivileged_proc_debug, 0, > + sysctl_unprivileged_proc_debug, "I", > + "Unprivileged processes may use process debugging facilities"); > + > +int > +sysctl_unprivileged_proc_debug(SYSCTL_HANDLER_ARGS) > +{ > + static int set=3D0; > + int error =3D 0; > + int debug=3Dunprivileged_proc_debug; > + > + error =3D sysctl_handle_int(oidp, &debug, 0, req); > + if (error =3D=3D 0 && req->newptr) { > + if (debug < 0 || debug > 1) > + return (EPERM); > + > + if (debug !=3D unprivileged_proc_debug && set =3D=3D 0) { > + unprivileged_proc_debug =3D debug; > + set++; > + } else { > + return (EPERM); > + } > + } > + > + return (error); > +} > =20 > /*- > * Determine whether td may debug p. > @@ -1631,11 +1664,9 @@ p_candebug(struct thread *td, struct proc *p) > =20 > KASSERT(td =3D=3D curthread, ("%s: td not curthread", = > __func__)); > PROC_LOCK_ASSERT(p, MA_OWNED); > - if (!unprivileged_proc_debug) { > - error =3D priv_check(td, PRIV_DEBUG_UNPRIV); > - if (error) > - return (error); > - } > + if (!unprivileged_proc_debug) > + return (EPERM); > + > if (td->td_proc =3D=3D p) > return (0); > if ((error =3D prison_check(td->td_ucred, p->p_ucred))) > diff --git a/sys/sys/jail.h b/sys/sys/jail.h > index 59d791c..f2bb97c 100644 > --- a/sys/sys/jail.h > +++ b/sys/sys/jail.h > @@ -184,6 +184,20 @@ struct prison { > char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail = > hostname */ > char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail = > domainname */ > char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail = > hostuuid */ > +#ifdef PAX_ASLR > + int pr_pax_set; > + int pr_pax_aslr_status; > + int pr_pax_aslr_debug; > + int pr_pax_aslr_mmap_len; > + int pr_pax_aslr_stack_len; > + int pr_pax_aslr_exec_len; > +#endif /* PAX_ASLR */ > +#if defined(PAX_ASLR) && defined(COMPAT_FREEBSD32) > + int pr_pax_aslr_compat_status; > + int pr_pax_aslr_compat_mmap_len; > + int pr_pax_aslr_compat_stack_len; > + int pr_pax_aslr_compat_exec_len; > +#endif /* COMPAT_FREEBSD32 */ > }; > =20 > struct prison_racct { > diff --git a/sys/sys/pax.h b/sys/sys/pax.h > new file mode 100644 > index 0000000..9c36894 > --- /dev/null > +++ b/sys/sys/pax.h > @@ -0,0 +1,166 @@ > +/*- > + * Copyright (c) 2013, by Oliver Pinter > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. The name of the developer may NOT be used to endorse or promote = > products > + * derived from this software without specific prior written = > permission. > + * > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' = > AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, = > THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR = > PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE = > LIABLE > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR = > CONSEQUENTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE = > GOODS > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS = > INTERRUPTION) > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, = > STRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN = > ANY WAY > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY = > OF > + * SUCH DAMAGE. > + * > + * $FreeBSD$ > + * > + * Enhancements made by Shawn "lattera" Webb under the direction of = > SoldierX. > + */ > + > +#ifndef __SYS_PAX_H > +#define __SYS_PAX_H > + > +struct image_params; > +struct thread; > +struct vmspace; > +struct vm_offset_t; > + > +/* > + * used in sysctl handler > + */ > +#define PAX_ASLR_DISABLED 0 > +#define PAX_ASLR_ENABLED 1 > +#define PAX_ASLR_GLOBAL_ENABLED 2 > +#define PAX_ASLR_FORCE_GLOBAL_ENABLED 3 > + > +#ifndef PAX_ASLR_DELTA > +#define PAX_ASLR_DELTA(delta, lsb, len) \ > + (((delta) & ((1UL << (len)) - 1)) << (lsb)) > +#endif /* PAX_ASLR_DELTA */ > + > +#ifdef PAX_ASLR > +/* > + * generic ASLR values > + * > + * MMAP | 32 bit | 64 bit | > + * +-------+--------+--------+ > + * | MIN | 8 bit | 16 bit | > + * +-------+--------+--------+ > + * | MAX | 16 bit | 32 bit | > + * +-------+--------+--------+ > + * > + * STACK | 32 bit | 64 bit | > + * +-------+--------+--------+ > + * | MIN | 6 bit | 12 bit | > + * +-------+--------+--------+ > + * | MAX | 10 bit | 21 bit | > + * +-------+--------+--------+ > + * > + * EXEC | 32 bit | 64 bit | > + * +-------+--------+--------+ > + * | MIN | 6 bit | 12 bit | > + * +-------+--------+--------+ > + * | MAX | 10 bit | 21 bit | > + * +-------+--------+--------+ > + * > + */ > +#ifndef PAX_ASLR_DELTA_MMAP_LSB > +#define PAX_ASLR_DELTA_MMAP_LSB PAGE_SHIFT > +#endif /* PAX_ASLR_DELTA_MMAP_LSB */ > + > +#ifndef PAX_ASLR_DELTA_MMAP_MIN_LEN > +#define PAX_ASLR_DELTA_MMAP_MIN_LEN ((sizeof(void *) * NBBY) / 4) > +#endif /* PAX_ASLR_DELTA_MMAP_MAX_LEN */ > + > +#ifndef PAX_ASLR_DELTA_MMAP_MAX_LEN > +#define PAX_ASLR_DELTA_MMAP_MAX_LEN ((sizeof(void *) * NBBY) / 2) > +#endif /* PAX_ASLR_DELTA_MMAP_MAX_LEN */ > + > +#ifndef PAX_ASLR_DELTA_STACK_LSB > +#define PAX_ASLR_DELTA_STACK_LSB 3 > +#endif /* PAX_ASLR_DELTA_STACK_LSB */ > + > +#ifndef PAX_ASLR_DELTA_STACK_MIN_LEN > +#define PAX_ASLR_DELTA_STACK_MIN_LEN ((sizeof(void *) * NBBY) / 5) > +#endif /* PAX_ASLR_DELTA_STACK_MAX_LEN */ > + > +#ifndef PAX_ASLR_DELTA_STACK_MAX_LEN > +#define PAX_ASLR_DELTA_STACK_MAX_LEN ((sizeof(void *) * NBBY) / 3) > +#endif /* PAX_ASLR_DELTA_STACK_MAX_LEN */ > + > +#ifndef PAX_ASLR_DELTA_EXEC_LSB > +#define PAX_ASLR_DELTA_EXEC_LSB PAGE_SHIFT > +#endif /* PAX_ASLR_DELTA_EXEC_LSB */ > + > +#ifndef PAX_ASLR_DELTA_EXEC_MIN_LEN > +#define PAX_ASLR_DELTA_EXEC_MIN_LEN ((sizeof(void *) * NBBY) / 5) > +#endif /* PAX_ASLR_DELTA_EXEC_MAX_LEN */ > + > +#ifndef PAX_ASLR_DELTA_EXEC_MAX_LEN > +#define PAX_ASLR_DELTA_EXEC_MAX_LEN ((sizeof(void *) * NBBY) / 3) > +#endif /* PAX_ASLR_DELTA_EXEC_MAX_LEN */ > + > +/* > + * ASLR values for COMPAT_FREEBSD32 and COMPAT_LINUX > + */ > +#ifndef PAX_ASLR_COMPAT_DELTA_MMAP_LSB > +#define PAX_ASLR_COMPAT_DELTA_MMAP_LSB PAGE_SHIFT > +#endif /* PAX_ASLR_COMPAT_DELTA_MMAP_LSB */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_MMAP_MIN_LEN > +#define PAX_ASLR_COMPAT_DELTA_MMAP_MIN_LEN ((sizeof(int) * NBBY) / = > 4) > +#endif /* PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN > +#define PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN ((sizeof(int) * NBBY) / = > 2) > +#endif /* PAX_ASLR_COMPAT_DELTA_MMAP_MAX_LEN */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_STACK_LSB > +#define PAX_ASLR_COMPAT_DELTA_STACK_LSB 3 > +#endif /* PAX_ASLR_COMPAT_DELTA_STACK_LSB */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_STACK_MIN_LEN > +#define PAX_ASLR_COMPAT_DELTA_STACK_MIN_LEN ((sizeof(int) * NBBY) / = > 5) > +#endif /* PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN > +#define PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN ((sizeof(int) * NBBY) / = > 3) > +#endif /* PAX_ASLR_COMPAT_DELTA_STACK_MAX_LEN */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_EXEC_MIN_LEN > +#define PAX_ASLR_COMPAT_DELTA_EXEC_MIN_LEN ((sizeof(int) * NBBY) / = > 5) > +#endif /* PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN */ > + > +#ifndef PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN > +#define PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN ((sizeof(int) * NBBY) / = > 3) > +#endif /* PAX_ASLR_COMPAT_DELTA_EXEC_MAX_LEN */ > + > +extern int pax_aslr_status; > +extern int pax_aslr_debug; > +extern int pax_aslr_compat_status; > + > +extern int pax_aslr_mmap_len; > +extern int pax_aslr_stack_len; > +extern int pax_aslr_exec_len; > +#endif /* PAX_ASLR */ > + > +void pax_init(void); > +void pax_aslr_init_prison(struct prison *pr); > +bool pax_aslr_active(struct thread *td, struct proc *proc); > +void pax_aslr_init(struct thread *td, struct image_params *imgp); > +void pax_aslr_mmap(struct thread *td, vm_offset_t *addr, > + vm_offset_t orig_addr, int flags); > +void pax_aslr_stack(struct thread *td, char **addr, char *orig_addr); > +struct prison *pax_aslr_get_prison(struct thread *td, struct proc = > *proc); > + > +#endif /* __SYS_PAX_H */ > > --Apple-Mail=_B6453ACB-0EC9-4C80-B575-87E00F273BCF-- > _______________________________________________ > freebsd-bugs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org" >