7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 346            apply: the effective privilege set of the attaching process must be
 347            a superset of the target process's effective, permitted, and
 348            inheritable sets; the limit set must be a superset of the target's
 349            limit set; if the target process has any UID set to 0 all privilege
 350            must be asserted unless the effective UID is 0. Allow a process to
 351            bind arbitrary processes to CPUs.
 352 
 353 
 354        PRIV_PROC_PRIOUP
 355 
 356            Allow a process to elevate its priority above its current level.
 357 
 358 
 359        PRIV_PROC_PRIOCNTL
 360 
 361            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362            its scheduling class to any scheduling class, including the RT
 363            class.
 364 
 365 






 366        PRIV_PROC_SESSION
 367 
 368            Allow a process to send signals or trace processes outside its
 369            session.
 370 
 371 
 372        PRIV_PROC_SETID
 373 
 374            Allow a process to set its UIDs at will, assuming UID 0 requires
 375            all privileges to be asserted.
 376 
 377 
 378        PRIV_PROC_TASKID
 379 
 380            Allow a process to assign a new task ID to the calling process.
 381 
 382 
 383        PRIV_PROC_ZONE
 384 
 385            Allow a process to trace or send signals to processes in other




 346            apply: the effective privilege set of the attaching process must be
 347            a superset of the target process's effective, permitted, and
 348            inheritable sets; the limit set must be a superset of the target's
 349            limit set; if the target process has any UID set to 0 all privilege
 350            must be asserted unless the effective UID is 0. Allow a process to
 351            bind arbitrary processes to CPUs.
 352 
 353 
 354        PRIV_PROC_PRIOUP
 355 
 356            Allow a process to elevate its priority above its current level.
 357 
 358 
 359        PRIV_PROC_PRIOCNTL
 360 
 361            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362            its scheduling class to any scheduling class, including the RT
 363            class.
 364 
 365 
 366        PRIV_PROC_SECFLAGS
 367 
 368            Allow a process to manipulate the secflags of processes (subject
 369            to, additionally, the ability to signal that process).
 370 
 371 
 372        PRIV_PROC_SESSION
 373 
 374            Allow a process to send signals or trace processes outside its
 375            session.
 376 
 377 
 378        PRIV_PROC_SETID
 379 
 380            Allow a process to set its UIDs at will, assuming UID 0 requires
 381            all privileges to be asserted.
 382 
 383 
 384        PRIV_PROC_TASKID
 385 
 386            Allow a process to assign a new task ID to the calling process.
 387 
 388 
 389        PRIV_PROC_ZONE
 390 
 391            Allow a process to trace or send signals to processes in other
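Review bot: In the new PRIV_PROC_SECFLAGS entry (new lines 368-369), the parenthetical "(subject to, additionally, the ability to signal that process)" is hard to parse, and the sentence switches from the plural "processes" to the singular "that process". Consider a wording such as "Allow a process to manipulate the secflags of a process; the caller must also be permitted to signal that process." The entry also does not say whether the privilege is required to change the calling process's own secflags or only those of other processes, which an administrator deciding whether to grant it needs to know. Because the signalling requirement is what bounds the reach of this privilege, it would help to point at the entries that widen signalling rights, PRIV_PROC_SESSION and PRIV_PROC_ZONE, which follow immediately below.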