Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

@@ -213,10 +213,12 @@
         kcred->cr_zone = &zone0;
 
         priv_fillset(&CR_LPRIV(kcred));
         CR_IPRIV(kcred) = *priv_basic;
 
+        priv_addset(&CR_IPRIV(kcred), PRIV_PROC_SECFLAGS);
+
         /* Not a basic privilege, if chown is not restricted add it to I0 */
         if (!rstchown)
                 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
 
         /* Basic privilege, if link is restricted remove it from I0 */