7029 want per-process exploit mitigation features (secflags) 7030 want basic address space layout randomization (ASLR) 7031 noexec_user_stack should be a security-flag 7032 want a means to forbid mappings around NULL Reviewed by: Robert Mustacchi <rm@joyent.com> Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net> Reviewed by: Patrick Mooney <pmooney@joyent.com> Approved by: Dan McDonald <danmcd@omniti.com>
5830 want arc4random(3C) suite 5802 want getentropy(3C) 5803 want getrandom(2) 5804 want explicit_bzero(3C) 5805 want MC_INHERIT_ZERO 5806 uuid_generate can leak its cache in edge conditions Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com> Reviewed by: Joshua M. Clulow <josh@sysmgr.org> Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com> Reviewed by: Garrett D'Amore <garrett@damore.org> Approved by: Garrett D'Amore <garrett@damore.org>
3713 Implement accept4() 3714 Implement pipe2() 3715 Implement dup3() 3716 Implement mkostemp() and mkostemps() 3719 so_socketpair syscall should preserve FD_CLOEXEC flag Reviewed by: Dan McDonald <danmcd@nexenta.com> Reviewed by: Robert Mustacchi <rm@joyent.com> Approved by: Garrett D'Amore <garrett@damore.org>
PSARC/2009/590 Socket Filter Framework 6939085 Socket Filter Framework 6802067 connect_failed kernel socket callback is not triggered 6776450 time spent in tcp_close could be reduced/deferred to a worker thread 6828586 assertion failed: family == 26, file: ../../common/fs/sockfs/socksyscalls.c, line: 1608 6802078 kernel socket 'newconn' callback is passing rcv queue size as an argument
PSARC 2010/235 POSIX 1003.1-2008 *at(2) syscalls 6910251 need support for all POSIX.1-2008 *at(2) syscalls 6964835 mknod(2) auditing omits the pathname for invalid arguments
PSARC 2009/657 delete obsolete system call traps 6906485 delete obsolete system call traps --HG-- rename : usr/src/cmd/truss/xstat.c => usr/src/cmd/truss/stat.c rename : usr/src/lib/libc/port/gen/dup2.c => usr/src/lib/libc/port/gen/dup.c rename : usr/src/lib/libc/port/sys/libc_fcntl.c => usr/src/lib/libc/port/sys/fcntl.c rename : usr/src/lib/libc/port/sys/libc_open.c => usr/src/lib/libc/port/sys/open.c
PSARC 2009/595 delete ssig system call trap 6896743 The ancient SVR3 ssig() system call trap should be deleted
PSARC 2009/453 futimens, utimensat 6815302 Implement futimens, utimensat(POSIX.1-2008) -set file modification times with nanosecond granularity 6539657 touch(1) does not set the nanosecond timestamp of a file correctly
6861993 "truss" does not understand flags used by mmapobj(2)
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris 4994017 data structure sharing between rpcbind and libnsl leads to accidents 6549510 Need the ability to store SIDs in the Solaris cred_t 6549515 PSARC 2007/064: uid_t and gid_t to become unsigned
PSARC 2006/554 setproject(3PROJECT) defining, and enhancing behaviour 6194864 simultaneous setproject()'s on the same project can fail to set rctl 6449567 setproject(3PROJECT) deletes resource controls set through prctl(1M) 6450539 projmod(1M) does not provide a mechanism to refresh "in-core" enforced resource controls 6491754 project.max-contracts should not allow basic privileges 6491804 task.final project property is not honoured if pools are not enabled
PSARC 2006/659 fork extensions 6497356 fork extensions --HG-- rename : usr/src/lib/libc/amd64/sys/forkall.s => usr/src/lib/libc/amd64/sys/forkallx.s rename : usr/src/lib/libc/amd64/sys/fork1.s => usr/src/lib/libc/amd64/sys/forkx.s rename : usr/src/lib/libc/amd64/sys/vfork.s => usr/src/lib/libc/amd64/sys/vforkx.s rename : usr/src/lib/libc/i386/sys/forkall.s => usr/src/lib/libc/i386/sys/forkallx.s rename : usr/src/lib/libc/i386/sys/fork1.s => usr/src/lib/libc/i386/sys/forkx.s rename : usr/src/lib/libc/i386/sys/vfork.s => usr/src/lib/libc/i386/sys/vforkx.s rename : usr/src/lib/libc/sparc/sys/forkall.s => usr/src/lib/libc/sparc/sys/forkallx.s rename : usr/src/lib/libc/sparc/sys/fork1.s => usr/src/lib/libc/sparc/sys/forkx.s rename : usr/src/lib/libc/sparc/sys/vfork.s => usr/src/lib/libc/sparc/sys/vforkx.s
6201153 rctl exceeded message should include zonename 6340634 truss should decode rctls
PSARC/2002/762 Layered Trusted Solaris PSARC/2005/060 TSNET: Trusted Networking with Security Labels PSARC/2005/259 Layered Trusted Solaris Label Interfaces PSARC/2005/573 Solaris Trusted Extensions for Printing PSARC/2005/691 Trusted Extensions for Device Allocation PSARC/2005/723 Solaris Trusted Extensions Filesystem Labeling PSARC/2006/009 Labeled Auditing PSARC/2006/155 Trusted Extensions RBAC Changes PSARC/2006/191 is_system_labeled 6293271 Zone processes should use zone_kcred instead of kcred 6394554 integrate Solaris Trusted Extensions --HG-- rename : usr/src/cmd/dminfo/Makefile => deleted_files/usr/src/cmd/dminfo/Makefile rename : usr/src/cmd/dminfo/dminfo.c => usr/src/cmd/allocate/dminfo.c
OpenSolaris Launch