Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 213,222 **** --- 213,224 ---- kcred->cr_zone = &zone0; priv_fillset(&CR_LPRIV(kcred)); CR_IPRIV(kcred) = *priv_basic; + priv_addset(&CR_IPRIV(kcred), PRIV_PROC_SECFLAGS); + /* Not a basic privilege, if chown is not restricted add it to I0 */ if (!rstchown) priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF); /* Basic privilege, if link is restricted remove it from I0 */