7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 135,144 ****
--- 135,148 ----
  
  $(OBJS_DIR)/%.o:                $(COMMONBASE)/crypto/des/%.c
          $(COMPILE.c) -o $@ $<
          $(CTFCONVERT_O)
  
+ $(OBJS_DIR)/%.o:                $(COMMONBASE)/secflags/%.c
+         $(COMPILE.c) -o $@ $<
+         $(CTFCONVERT_O)
+ 
  $(OBJS_DIR)/%.o:                $(COMMONBASE)/smbios/%.c
          $(COMPILE.c) -o $@ $<
          $(CTFCONVERT_O)
  
  $(OBJS_DIR)/%.o:                $(UTSBASE)/common/des/%.c
*** 1699,1708 ****
--- 1703,1715 ----
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
  $(LINTS_DIR)/%.ln:              $(COMMONBASE)/crypto/des/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
+ $(LINTS_DIR)/%.ln:              $(COMMONBASE)/secflags/%.c
+         @($(LHEAD) $(LINT.c) $< $(LTAIL))
+ 
  $(LINTS_DIR)/%.ln:              $(COMMONBASE)/smbios/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
  $(LINTS_DIR)/%.ln:              $(UTSBASE)/common/avs/ncall/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))