SECURITY-FLAGS(7)    Standards, Environments, and Macros   SECURITY-FLAGS(7)
NAME
       security-flags - process security flags
DESCRIPTION
       Each process on an illumos system has an associated set of security-
       flags which describe additional per-process security and exploit
       mitigation features which are enabled for that process.
       There are four sets of these flags for each process. The effective
       set (abbreviated E) is the set of flags which currently apply to the
       process and is immutable. The inheritable set (abbreviated I) is the
       set of flags which will become effective the next time the process
       calls one of the exec(2) family of functions, and will be inherited
       as both the effective and inheritable sets by any child processes.
       The upper set (abbreviated U) specifies the maximal flags that a
       process can have in its inheritable set.  The lower set (abbreviated
       L) specifies the minimal flags that a process must have in its
       inheritable set.  The inheritable set may be changed at any time,
       subject to permissions and the lower and upper sets.
       To change the security-flags of a process one must both have
       permissions equivalent to those required to send a signal to the
       process and have the PRIV_PROC_SECFLAGS privilege.
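
       The set rules above, written out as a small Python model. This is
       an added illustration, not illumos source; the class, method and
       parameter names are hypothetical, and the starting state is constructed.

```python
"""Toy model of the E/I/U/L security-flag sets described in security-flags(7).
Added illustration; not illumos source. Class and method names are hypothetical."""
from dataclasses import dataclass, replace

FLAGS = frozenset({"aslr", "forbidnullmap", "noexecstack"})


@dataclass(frozen=True)
class SecFlags:
    effective: frozenset    # E: applies now, never edited in place
    inheritable: frozenset  # I: becomes E at the next exec
    lower: frozenset        # L: flags I must always contain
    upper: frozenset        # U: flags I may contain at most

    def set_inheritable(self, new, may_signal=True, has_priv=True):
        """Return a copy with I = new, or raise if the rules forbid it."""
        new = frozenset(new)
        if not (may_signal and has_priv):
            raise PermissionError("need signal permission and PRIV_PROC_SECFLAGS")
        if new - FLAGS:
            raise ValueError(f"unknown flags: {sorted(new - FLAGS)}")
        if not self.lower <= new:
            raise ValueError(f"below lower set, missing {sorted(self.lower - new)}")
        if not new <= self.upper:
            raise ValueError(f"above upper set, extra {sorted(new - self.upper)}")
        return replace(self, inheritable=new)  # E is untouched

    def on_exec(self):
        """exec(2): the inheritable set becomes the effective set."""
        return replace(self, effective=self.inheritable)

    def on_fork(self):
        """Child gets the parent's I as both its E and its I.
        Assumption of this model: L and U are copied to the child unchanged."""
        return replace(self, effective=self.inheritable)


def demo():
    # Constructed starting state: nothing effective, NOEXECSTACK pinned on by L.
    p = SecFlags(frozenset(), frozenset({"noexecstack"}),
                 lower=frozenset({"noexecstack"}), upper=FLAGS)
    p = p.set_inheritable({"noexecstack", "aslr"})
    before = p.effective             # unchanged: E only moves at exec
    after = p.on_exec().effective    # both flags apply after exec
    try:
        p.set_inheritable({"aslr"})  # would drop a flag required by L
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```
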
       Currently available features are:
       Address Space Layout Randomisation (ASLR)
                  The base addresses of the stack, heap and shared library
                  (including ld.so) mappings are randomised, as are the bases
                  of mapped regions other than those using MAP_FIXED.
                  Currently, executable base addresses are not randomised,
                  so the mitigation provided by this feature is currently
                  limited.
                  This flag may also be enabled by the presence of the
                  DT_SUNW_ASLR dynamic tag in the .dynamic section of the
                  executable file. If this tag has a value of 1, ASLR will
                  be enabled. If the tag has a value of 0, ASLR will be
                  disabled. If the tag is not present, the value of the ASLR
                  flag will be inherited as normal.
       Forbid mappings at NULL (FORBIDNULLMAP)
                  Mappings with an address of 0 are forbidden, and return
                  EINVAL rather than being honored.
       Make the userspace stack non-executable (NOEXECSTACK)
                  The stack will be mapped without executable permission,
                  and attempts to execute it will fault.
       System default security-flags are configured via properties on the
       svc:/system/process-security service, which contains a boolean
       property per-flag in the default, lower and upper property groups.
       The value indicates the setting of the flag; flags with no value take
       their defaults.  For example, to enable ASLR by default you would
       execute the following command:
         # svccfg -s svc:/system/process-security setprop default/aslr = true
       To restore the setting to the defaults you would execute:
         # svccfg -s svc:/system/process-security delpropvalue default/aslr true
       This can be done by any user with the
       solaris.smf.value.process-security authorization.
       Since security-flags are strictly inherited, this will not take
       effect until the system or zone is next booted.
SEE ALSO
       psecflags(1), brk(2), exec(2), mmap(2), mmapobj(2), privileges(7),
       rbac(7), svccfg(8)
                               June 6, 2016               SECURITY-FLAGS(7)