Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

          --- old/usr/src/man/man5/privileges.5.man.txt
          +++ new/usr/src/man/man5/privileges.5.man.txt
↓ open down ↓ 355 lines elided ↑ open up ↑
 356  356             Allow a process to elevate its priority above its current level.
 357  357  
 358  358  
 359  359         PRIV_PROC_PRIOCNTL
 360  360  
 361  361             Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362  362             its scheduling class to any scheduling class, including the RT
 363  363             class.
 364  364  
 365  365  
      366 +       PRIV_PROC_SECFLAGS
      367 +
      368 +           Allow a process to manipulate the secflags of processes (subject
      369 +           to, additionally, the ability to signal that process).
      370 +
      371 +
 366  372         PRIV_PROC_SESSION
 367  373  
 368  374             Allow a process to send signals or trace processes outside its
 369  375             session.
 370  376  
 371  377  
 372  378         PRIV_PROC_SETID
 373  379  
 374  380             Allow a process to set its UIDs at will, assuming UID 0 requires
 375  381             all privileges to be asserted.
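Review bot: The parenthetical at new lines 368-369 is hard to parse: "subject to, additionally, the ability to signal that process" pairs the plural "processes" with the singular "that process" and reads as an afterthought, not as a second required condition. Suggest stating both conditions directly, for example "Allow a process to manipulate the secflags of a process, provided it is also permitted to signal that process." The entry also never says what secflags are or whether the privilege is needed to change the caller's own flags; a one-line pointer to the documentation for secflags would help, since the neighbouring entries (PRIV_PROC_PRIOCNTL, PRIV_PROC_SESSION) are understandable on their own.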
↓ open down ↓ 536 lines elided ↑ open up ↑
 912  918         socket(3SOCKET), t_bind(3NSL), timer_create(3C), ucred_get(3C),
 913  919         exec_attr(4), proc(4), system(4), user_attr(4), xVM(5), ddi_cred(9F),
 914  920         drv_priv(9F), priv_getbyname(9F), priv_policy(9F),
 915  921         priv_policy_choice(9F), priv_policy_only(9F)
 916  922  
 917  923  
 918  924         System Administration Guide: Security Services
 919  925  
 920  926  
 921  927  
 922      -                               October 30, 2015                  PRIVILEGES(5)
      928 +                                 June 6, 2016                    PRIVILEGES(5)
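Review bot: The visible part of SEE ALSO (old lines 912-915) is unchanged, so the new PRIV_PROC_SECFLAGS entry gets no cross-reference there; the user_attr(4), xVM(5) line is where a section 5 page would be expected to sort. If this changeset adds a man page describing secflags or an interface for setting them, list it here so a reader of privileges(5) can find it. The footer date change at new line 928 is consistent with the content change.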
    