Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/priv_defs
          +++ new/usr/src/uts/common/os/priv_defs
↓ open down ↓ 310 lines elided ↑ open up ↑
 311  311  privilege PRIV_PROC_PRIOUP
 312  312  
 313  313          Allows a process to elevate its priority above its current level.
 314  314  
 315  315  privilege PRIV_PROC_PRIOCNTL
 316  316  
 317  317          Allows all that PRIV_PROC_PRIOUP allows.
 318  318          Allows a process to change its scheduling class to any scheduling class,
 319  319          including the RT class.
 320  320  
      321 +basic privilege PRIV_PROC_SECFLAGS
      322 +
      323 +        Allows a process to manipulate the secflags of processes (subject to,
      324 +        additionally, the ability to signal that process)
      325 +
 321  326  basic privilege PRIV_PROC_SESSION
 322  327  
 323  328          Allows a process to send signals or trace processes outside its
 324  329          session.
 325  330  
 326  331  unsafe privilege PRIV_PROC_SETID
 327  332  
 328  333          Allows a process to set its uids at will.
 329  334          Assuming uid 0 requires all privileges to be asserted.
 330  335  
↓ open down ↓ 293 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX