Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 1085,1094 **** --- 1085,1099 ---- cp->p_usrstack = pp->p_usrstack; cp->p_model = pp->p_model; cp->p_ppid = pp->p_pid; cp->p_ancpid = pp->p_pid; cp->p_portcnt = pp->p_portcnt; + /* + * Security flags are preserved on fork, the inherited copy come into + * effect on exec + */ + bcopy(&pp->p_secflags, &cp->p_secflags, sizeof (psecflags_t)); /* * Initialize watchpoint structures */ avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),