Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man5/privileges.5
          +++ new/usr/src/man/man5/privileges.5
↓ open down ↓ 548 lines elided ↑ open up ↑
 549  549  .sp .6
 550  550  .RS 4n
 551  551  Allows all that PRIV_PROC_PRIOUP allows.
 552  552  Allow a process to change its scheduling class to any scheduling class,
 553  553  including the RT class.
 554  554  .RE
 555  555  
 556  556  .sp
 557  557  .ne 2
 558  558  .na
      559 +\fB\PRIV_PROC_SECFLAGS\fR
      560 +.ad
      561 +.sp .6
      562 +.RS 4n
      563 +Allow a process to manipulate the secflags of processes (subject to,
      564 +additionally, the ability to signal that process)
      565 +.RE
      566 +
      567 +.sp
      568 +.ne 2
      569 +.na
 559  570  \fB\fBPRIV_PROC_SESSION\fR\fR
 560  571  .ad
 561  572  .sp .6
 562  573  .RS 4n
 563  574  Allow a process to send signals or trace processes outside its session.
 564  575  .RE
 565  576  
 566  577  .sp
 567  578  .ne 2
 568  579  .na
↓ open down ↓ 766 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX