7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 1355,1364 ****
--- 1355,1365 ----
  @ MSG_ARG_CYL           "-YL"
  @ MSG_ARG_CYP           "-YP"
  @ MSG_ARG_CYU           "-YU"
  @ MSG_ARG_Z             "-z"
  @ MSG_ARG_ZDEFNODEF     "-z[defs|nodefs]"
+ @ MSG_ARG_ZASLR         "-zaslr"
  @ MSG_ARG_ZGUIDE        "-zguidance"
  @ MSG_ARG_ZNODEF        "-znodefs"
  @ MSG_ARG_ZNOINTERP     "-znointerp"
  @ MSG_ARG_ZRELAXRELOC   "-zrelaxreloc"
  @ MSG_ARG_ZNORELAXRELOC "-znorelaxreloc"
*** 1371,1380 ****
--- 1372,1382 ----
  @ MSG_ARG_ZSYMBOLCAP    "-zsymbolcap"
  @ MSG_ARG_ZFATWNOFATW   "-z[fatal-warnings|nofatalwarnings]"
  
  @ MSG_ARG_ABSEXEC       "absexec"
  @ MSG_ARG_ALTEXEC64     "altexec64"
+ @ MSG_ARG_ASLR          "aslr"
  @ MSG_ARG_NOCOMPSTRTAB  "nocompstrtab"
  @ MSG_ARG_GROUPPERM     "groupperm"
  @ MSG_ARG_NOGROUPPERM   "nogroupperm"
  @ MSG_ARG_LAZYLOAD      "lazyload"
  @ MSG_ARG_NOLAZYLOAD    "nolazyload"
*** 1471,1480 ****
--- 1473,1485 ----
  @ MSG_ARG_T_WHOLEARC    "-whole-archive"
  @ MSG_ARG_T_WRAP        "-wrap"
  @ MSG_ARG_T_OPAR        "("
  @ MSG_ARG_T_CPAR        ")"
  
+ @ MSG_ARG_ENABLED       "enabled"
+ @ MSG_ARG_DISABLED      "disabled"
+ 
  # -z guidance=item strings
  @ MSG_ARG_GUIDE_DELIM           ",: \t"
  @ MSG_ARG_GUIDE_NO_ALL          "noall"
  @ MSG_ARG_GUIDE_NO_DEFS         "nodefs"
  @ MSG_ARG_GUIDE_NO_DIRECT       "nodirect"