7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -52,10 +52,11 @@
 #include <sys/stack.h>
 #include <sys/fault.h>
 #include <sys/syscall.h>
 #include <sys/sysmacros.h>
 #include <sys/systeminfo.h>
+#include <sys/secflags.h>
 
 #include "libproc.h"
 #include "Pcontrol.h"
 #include "Putil.h"
 #include "P32ton.h"

@@ -174,10 +175,17 @@
 Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
 {
         return (proc_get_cred(P->pid, pcrp, ngroups));
 }
 
+/* ARGSUSED */
+static int
+Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+{
+        return (proc_get_secflags(P->pid, psf));
+}
+
 /*ARGSUSED*/
 static int
 Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
 {
         prpriv_t *pp;
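Review bot: The lint directive above Psecflags_live is written `/* ARGSUSED */`, while Ppriv_live directly below uses the unspaced `/*ARGSUSED*/`. Whether the lint tool accepts the spaced form is not visible from this hunk, so matching the existing spelling is the safer choice: `/*ARGSUSED*/`. A one-line comment would also help the next reader, for example `/* Live-process backend: *psf is allocated by proc_get_secflags() and owned by the caller. */`, provided that ownership is confirmed against proc_get_secflags, which is not shown here.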

@@ -324,10 +332,11 @@
         .pop_lpsinfo    = Plpsinfo_live,
         .pop_platform   = Pplatform_live,
         .pop_uname      = Puname_live,
         .pop_zonename   = Pzonename_live,
         .pop_execname   = Pexecname_live,
+        .pop_secflags   = Psecflags_live,
 #if defined(__i386) || defined(__amd64)
         .pop_ldt        = Pldt_live
 #endif
 };
 

@@ -1291,10 +1300,32 @@
 Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
 {
         return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
 }
 
+/* Return an allocated prsecflags_t */
+int
+Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
+{
+        int ret;
+
+        if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
+                if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
+                        errno = EINVAL;
+                        return (-1);
+                }
+        }
+
+        return (ret);
+}
+
+void
+Psecflags_free(prsecflags_t *psf)
+{
+        free(psf);
+}
+
 static prheader_t *
 Plstatus(struct ps_prochandle *P)
 {
         return (P->ops.pop_lstatus(P, P->data));
 }
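Review bot: On the version-mismatch path in Psecflags, the buffer that pop_secflags just stored in `*psf` is neither released nor cleared before `return (-1)`. A caller that treats -1 as "nothing to free" leaks it, and one that still looks at `*psf` reads a structure of an unexpected version. Assuming the backend heap-allocates the structure (the header comment and the `free(psf)` in Psecflags_free suggest so), add `free(*psf);` and `*psf = NULL;` ahead of `errno = EINVAL;`. The header comment could also spell out the contract, e.g. `/* On success *psf points to an allocated prsecflags_t; release it with Psecflags_free(). */`.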