Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 316,325 **** --- 316,330 ---- Allows all that PRIV_PROC_PRIOUP allows. Allows a process to change its scheduling class to any scheduling class, including the RT class. + basic privilege PRIV_PROC_SECFLAGS + + Allows a process to manipulate the secflags of processes (subject to, + additionally, the ability to signal that process) + basic privilege PRIV_PROC_SESSION Allows a process to send signals or trace processes outside its session.