Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -838,10 +838,27 @@
 
 
        The full size of the structure can be computed using
        PRIV_PRPRIV_SIZE(prpriv_t *).
 
+   secflags
+       This file contains the security-flags of the process.  It contains a
+       description of the security flags associated with the process.
+
+         typedef struct prsecflags {
+              uint32_t pr_version;          /* ABI Versioning of this structure */
+              secflagset_t pr_effective;    /* Effective flags */
+              secflagset_t pr_inherit; /* Inheritable flags */
+              secflagset_t pr_lower;        /* Lower flags */
+              secflagset_t pr_upper;        /* Upper flags */
+         } prsecflags_t;
+
+
+
+       The pr_version field is a version number for the structure, currently
+       PRSECFLAGS_VERSION_1.
+
    sigact
        Contains an array of sigaction structures describing the current
        dispositions of all signals associated with the traced process (see
        sigaction(2)). Signal numbers are displaced by 1 from array indices, so
        that the action for signal number n appears in position n-1 of the

@@ -2185,11 +2202,11 @@
        readlink(2), readv(2), shmget(2), sigaction(2), sigaltstack(2),
        vfork(2), write(2), writev(2), _stack_grow(3C), readdir(3C),
        pthread_create(3C), pthread_join(3C), siginfo.h(3HEAD),
        signal.h(3HEAD), thr_create(3C), thr_join(3C), types32.h(3HEAD),
        ucontext.h(3HEAD), wait(3C), contract(4), core(4), process(4),
-       lfcompile(5), privileges(5)
+       lfcompile(5), privileges(5), security-flags(5)
 
 DIAGNOSTICS
        Errors that can occur in addition to the errors normally associated
        with file system access:
 

@@ -2318,6 +2335,6 @@
        <sys/regset.h> are similar to but not the same as the types prgregset_t
        and prfpregset_t defined in <procfs.h>.
 
 
 
-                                March 31, 2013                         PROC(4)
+                                 July 23, 2015                         PROC(4)