Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -361,10 +361,16 @@
            Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
            its scheduling class to any scheduling class, including the RT
            class.
 
 
+       PRIV_PROC_SECFLAGS
+
+           Allow a process to manipulate the secflags of processes (subject
+           to, additionally, the ability to signal that process).
+
+
        PRIV_PROC_SESSION
 
            Allow a process to send signals or trace processes outside its
            session.
 

@@ -917,6 +923,6 @@
 
        System Administration Guide: Security Services
 
 
 
-                                 April 9, 2016                   PRIVILEGES(5)
+                                 June 6, 2016                    PRIVILEGES(5)