7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 192,201 ****
--- 192,202 ----
          .pop_fini       = (pop_fini_t)Pdefault_void,
          .pop_platform   = (pop_platform_t)Pdefault_voidp,
          .pop_uname      = (pop_uname_t)Pdefault_int,
          .pop_zonename   = (pop_zonename_t)Pdefault_voidp,
          .pop_execname   = (pop_execname_t)Pdefault_voidp,
+         .pop_secflags   = (pop_secflags_t)Pdefault_int,
  #if defined(__i386) || defined(__amd64)
          .pop_ldt        = (pop_ldt_t)Pdefault_int
  #endif
  };
  
*** 237,246 ****
--- 238,249 ----
                  dst->pop_uname = src->pop_uname;
          if (src->pop_zonename != NULL)
                  dst->pop_zonename = src->pop_zonename;
          if (src->pop_execname != NULL)
                  dst->pop_execname = src->pop_execname;
+         if (src->pop_secflags != NULL)
+                 dst->pop_secflags = src->pop_secflags;
  #if defined(__i386) || defined(__amd64)
          if (src->pop_ldt != NULL)
                  dst->pop_ldt = src->pop_ldt;
  #endif
  }