Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libbsm/adt_record.dtd.1
          +++ new/usr/src/lib/libbsm/adt_record.dtd.1
↓ open down ↓ 272 lines elided ↑ open up ↑
 273  273                  type            CDATA #REQUIRED
 274  274                  count           CDATA #REQUIRED
 275  275  >
 276  276  
 277  277  <!-- privilege token -->
 278  278  <!ELEMENT privilege             (#PCDATA)>
 279  279  <!ATTLIST privilege
 280  280                  set-type        CDATA #REQUIRED
 281  281  >
 282  282  
      283 +<!-- secflags token -->
      284 +<!ELEMENT secflags              (#PCDATA)>
      285 +<!ATTLIST secflags
      286 +                set-type        CDATA #REQUIRED
      287 +>
      288 +
      289 +
 283  290  <!-- use_of_privilege token -->
 284  291  <!ELEMENT use_of_privilege      (#PCDATA)>
 285  292  <!ATTLIST use_of_privilege
 286  293                  result          CDATA #REQUIRED
 287  294  >
 288  295  
 289  296  <!-- sensitivity_label token -->
 290  297  <!ELEMENT sensitivity_label     (#PCDATA)>
 291  298  
 292  299  <!-- use_of_authorization token -->
↓ open down ↓ 134 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX