Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -2,11 +2,11 @@
 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
 .\" Copyright 2015, Joyent, Inc. All Rights Reserved.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PRIVILEGES 5 "April 9, 2016"
+.TH PRIVILEGES 5 "Jun 6, 2016"
 .SH NAME
 privileges \- process privilege model
 .SH DESCRIPTION
 .LP
 Solaris software implements a set of privileges that provide fine-grained

@@ -570,10 +570,21 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\PRIV_PROC_SECFLAGS\fR
+.ad
+.sp .6
+.RS 4n
+Allow a process to manipulate the secflags of processes (subject to,
+additionally, the ability to signal that process).
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBPRIV_PROC_SESSION\fR\fR
 .ad
 .sp .6
 .RS 4n
 Allow a process to send signals or trace processes outside its session.