posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP

similar to Apple _POSIX_SPAWN_DISABLE_ASLR

Reviewed by:	emaste, kevans
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D44195

include/spawn.h

@@ -59,6 +59,7 @@ typedef struct __posix_spawn_file_actions	*posix_spawn_file_actions_t;
 #define POSIX_SPAWN_SETSCHEDULER	0x08
 #define POSIX_SPAWN_SETSIGDEF		0x10
 #define POSIX_SPAWN_SETSIGMASK		0x20
+#define	POSIX_SPAWN_DISABLE_ASLR_NP	0x40
 
 __BEGIN_DECLS
 /*

lib/libc/gen/posix_spawn.c

@@ -28,6 +28,7 @@
 
 #include "namespace.h"
 #include <sys/param.h>
+#include <sys/procctl.h>
 #include <sys/queue.h>
 #include <sys/wait.h>
 
@@ -91,7 +92,7 @@ static int
 process_spawnattr(const posix_spawnattr_t sa)
 {
 	struct sigaction sigact = { .sa_flags = 0, .sa_handler = SIG_DFL };
-	int i;
+	int aslr, i;
 
 	/*
 	 * POSIX doesn't really describe in which order everything
@@ -139,6 +140,13 @@ process_spawnattr(const posix_spawnattr_t sa)
 		}
 	}
 
+	/* Disable ASLR. */
+	if ((sa->sa_flags & POSIX_SPAWN_DISABLE_ASLR_NP) != 0) {
+		aslr = PROC_ASLR_FORCE_DISABLE;
+		if (procctl(P_PID, 0, PROC_ASLR_CTL, &aslr) != 0)
+			return (errno);
+	}
+
 	return (0);
 }
 
@@ -631,7 +639,8 @@ posix_spawnattr_setflags(posix_spawnattr_t *sa, short flags)
 {
 	if ((flags & ~(POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP |
 	    POSIX_SPAWN_SETSCHEDPARAM | POSIX_SPAWN_SETSCHEDULER |
-	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK)) != 0)
+	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK |
+	    POSIX_SPAWN_DISABLE_ASLR_NP)) != 0)
 		return (EINVAL);
 	(*sa)->sa_flags = flags;
 	return (0);