Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 37,46 **** --- 37,47 ---- #include <sys/shm.h> /* for shmid_ds structure */ #include <sys/sem.h> /* for semid_ds structure */ #include <sys/msg.h> /* for msqid_ds structure */ #include <sys/atomic.h> /* using atomics */ + #include <sys/secflags.h> /* * Audit conditions, statements reguarding what's to be done with * audit records. None of the "global state" is returned by an * auditconfig -getcond call. AUC_NOSPACE no longer seems used.
*** 588,597 **** --- 589,600 ---- void audit_ipcget(int, void *); void audit_fdsend(int, struct file *, int); void audit_fdrecv(int, struct file *); void audit_priv(int, const struct priv_set *, int); void audit_setppriv(int, int, const struct priv_set *, const cred_t *); + void audit_psecflags(proc_t *, psecflagwhich_t, + const secflagdelta_t *); void audit_devpolicy(int, const struct devplcysys *); void audit_update_context(proc_t *, cred_t *); void audit_kssl(int, void *, int); void audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int, pid_t);