Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

@@ -590,10 +590,11 @@
                 if (def == NULL) {
                         ret = PAM_SYSTEM_ERR;
                         goto out;
                 }
                 priv_basicset(def);
+                (void) priv_addset(def, PRIV_PROC_SECFLAGS);
                 errno = 0;
                 if ((pathconf("/", _PC_CHOWN_RESTRICTED) == -1) && (errno == 0))
                         (void) priv_addset(def, PRIV_FILE_CHOWN_SELF);
         }
         /*