Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -361,10 +361,16 @@
Allows all that PRIV_PROC_PRIOUP allows. Allow a process to change
its scheduling class to any scheduling class, including the RT
class.
+ PRIV_PROC_SECFLAGS
+
+ Allow a process to manipulate the secflags of processes (subject
+ to, additionally, the ability to signal that process).
+
+
PRIV_PROC_SESSION
Allow a process to send signals or trace processes outside its
session.
@@ -917,6 +923,6 @@
System Administration Guide: Security Services
- April 9, 2016 PRIVILEGES(5)
+ June 6, 2016 PRIVILEGES(5)