Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -1085,10 +1085,15 @@
cp->p_usrstack = pp->p_usrstack;
cp->p_model = pp->p_model;
cp->p_ppid = pp->p_pid;
cp->p_ancpid = pp->p_pid;
cp->p_portcnt = pp->p_portcnt;
+ /*
+ * Security flags are preserved on fork, the inherited copy come into
+ * effect on exec
+ */
+ cp->p_secflags = pp->p_secflags;
/*
* Initialize watchpoint structures
*/
avl_create(&cp->p_warea, wa_compare, sizeof (struct watched_area),