il_7029-2 Cdiff usr/src/lib/libbsm/adt

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


*** 278,287 ****
--- 278,294 ----
  <!ELEMENT privilege             (#PCDATA)>
  <!ATTLIST privilege
                  set-type        CDATA #REQUIRED
  >
  
+ <!-- secflags token -->
+ <!ELEMENT secflags              (#PCDATA)>
+ <!ATTLIST secflags
+                 set-type        CDATA #REQUIRED
+ >
+ 
+ 
  <!-- use_of_privilege token -->
  <!ELEMENT use_of_privilege      (#PCDATA)>
  <!ATTLIST use_of_privilege
                  result          CDATA #REQUIRED
  >