Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -331,10 +331,16 @@
                       agent LWP and contains the psinfo_t of the process that
                       created the agent LWP. See the proc(4) description of
                       the spymaster entry for more details.
+       prsecflags_t
+                      n_type: NT_SECFLAGS.  This entry contains the process
+                      security-flags, see security-flags(5), proc(4), and
+                      psecflags(1M) for more information.
        Depending on the coreadm(1M) settings, the section header of an ELF
        core file can contain entries for CTF, symbol table, and string table
        sections. The sh_addr fields are set to the base address of the first
        mapping of the load object that they came from to. This can be used to

@@ -346,13 +352,13 @@
        elfdump(1), gcore(1), mdb(1), proc(1), ps(1), coreadm(1M),
        getrlimit(2), setrlimit(2), setuid(2), sysinfo(2), uname(2),
        getzonenamebyid(3C), getzoneid(3C), elf(3ELF), signal.h(3HEAD),
-       a.out(4), proc(4), zones(5)
+       a.out(4), proc(4), zones(5), security-flags(5)
        ANSI C Programmer's Guide
-                                March 31, 2013                         CORE(4)
+                                 June 6, 2016                          CORE(4)