7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -53,10 +53,11 @@
 #include <sys/auxv.h>
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/utsname.h>
 #include <sys/corectl.h>
+#include <sys/secflags.h>
 #if defined(__i386) || defined(__amd64)
 #include <sys/sysi86.h>
 #endif
 
 #ifdef  __cplusplus

@@ -190,10 +191,11 @@
 typedef void (*pop_read_aux_t)(struct ps_prochandle *, auxv_t **, int *,
     void *);
 typedef int (*pop_cred_t)(struct ps_prochandle *, prcred_t *, int,
     void *);
 typedef int (*pop_priv_t)(struct ps_prochandle *, prpriv_t **, void *);
+typedef int (*pop_secflags_t)(struct ps_prochandle *, prsecflags_t **, void *);
 typedef const psinfo_t *(*pop_psinfo_t)(struct ps_prochandle *, psinfo_t *,
     void *);
 typedef void (*pop_status_t)(struct ps_prochandle *, pstatus_t *, void *);
 typedef prheader_t *(*pop_lstatus_t)(struct ps_prochandle *, void *);
 typedef prheader_t *(*pop_lpsinfo_t)(struct ps_prochandle *, void *);

@@ -220,10 +222,11 @@
         pop_fini_t              pop_fini;
         pop_platform_t          pop_platform;
         pop_uname_t             pop_uname;
         pop_zonename_t          pop_zonename;
         pop_execname_t          pop_execname;
+        pop_secflags_t          pop_secflags;
 #if defined(__i386) || defined(__amd64)
         pop_ldt_t               pop_ldt;
 #endif
 } ps_ops_t;
 

@@ -268,10 +271,12 @@
 extern  void   *Pprivinfo(struct ps_prochandle *);
 extern  int     Psetzoneid(struct ps_prochandle *, zoneid_t);
 extern  int     Pgetareg(struct ps_prochandle *, int, prgreg_t *);
 extern  int     Pputareg(struct ps_prochandle *, int, prgreg_t);
 extern  int     Psetrun(struct ps_prochandle *, int, int);
+extern  int     Psecflags(struct ps_prochandle *, prsecflags_t **);
+extern  void    Psecflags_free(prsecflags_t *);
 extern  ssize_t Pread(struct ps_prochandle *, void *, size_t, uintptr_t);
 extern  ssize_t Pread_string(struct ps_prochandle *, char *, size_t, uintptr_t);
 extern  ssize_t Pwrite(struct ps_prochandle *, const void *, size_t, uintptr_t);
 extern  int     Pclearsig(struct ps_prochandle *);
 extern  int     Pclearfault(struct ps_prochandle *);

@@ -694,10 +699,11 @@
 extern int proc_get_cred(pid_t, prcred_t *, int);
 extern prpriv_t *proc_get_priv(pid_t);
 extern void proc_free_priv(prpriv_t *);
 extern int proc_get_psinfo(pid_t, psinfo_t *);
 extern int proc_get_status(pid_t, pstatus_t *);
+extern int proc_get_secflags(pid_t, prsecflags_t **);
 
 /*
  * Utility functions for debugging tools to convert numeric fault,
  * signal, and system call numbers to symbolic names:
  */