Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libbsm/adt_record.dtd.1.man.txt
          +++ new/usr/src/lib/libbsm/adt_record.dtd.1.man.txt
↓ open down ↓ 165 lines elided ↑ open up ↑
 166  166  <!-- exec_env token --> <!ELEMENT exec_env        (env*)> <!ELEMENT env
 167  167                 (#PCDATA)>
 168  168  
 169  169  <!-- arbitrary token --> <!ELEMENT arbitrary      (#PCDATA)> <!ATTLIST
 170  170  arbitrary           print          CDATA #REQUIRED          type      CDATA
 171  171  #REQUIRED           count          CDATA #REQUIRED >
 172  172  
 173  173  <!-- privilege token --> <!ELEMENT privilege      (#PCDATA)> <!ATTLIST
 174  174  privilege           set-type  CDATA #REQUIRED >
 175  175  
      176 +<!-- secflags token --> <!ELEMENT secflags        (#PCDATA)> <!ATTLIST
      177 +secflags       set-type  CDATA #REQUIRED >
      178 +
      179 +
 176  180  <!-- use_of_privilege token --> <!ELEMENT use_of_privilege  (#PCDATA)>
 177  181  <!ATTLIST use_of_privilege         result         CDATA #REQUIRED >
 178  182  
 179  183  <!-- sensitivity_label token --> <!ELEMENT sensitivity_label     (#PCDATA)>
 180  184  
 181  185  <!-- use_of_authorization token --> <!ELEMENT use_of_authorization
 182  186       (#PCDATA)>
 183  187  
 184  188  <!-- IPC token --> <!ELEMENT IPC             EMPTY> <!ATTLIST IPC
 185  189            ipc-type  CDATA #REQUIRED          ipc-id         CDATA #REQUIRED >
↓ open down ↓ 77 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX