7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 46,55 ****
--- 46,56 ----
  #include <sys/rctl.h>
  #include <sys/list.h>
  #include <sys/avl.h>
  #include <sys/door_impl.h>
  #include <sys/signalfd.h>
+ #include <sys/secflags.h>
  #ifdef __cplusplus
  extern "C" {
  #endif
*** 347,356 ****
--- 348,358 ----
  uintptr_t p_portcnt; /* event ports counter */
  struct zone *p_zone; /* zone in which process lives */
  struct vnode *p_execdir; /* directory that p_exec came from */
  struct brand *p_brand; /* process's brand */
  void *p_brand_data; /* per-process brand state */
+ psecflags_t p_secflags; /* per-process security flags */
  /* additional lock to protect p_sessp (but not its contents) */
  kmutex_t p_splock;
  rctl_qty_t p_locked_mem; /* locked memory charged to proc */
  /* protected by p_lock */
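Review bot: The new `p_secflags` member does not say which lock guards it, while its neighbours do (`p_splock` for `p_sessp`, "protected by p_lock" for `p_locked_mem`). These flags decide whether mitigations such as ASLR and the non-executable stack apply to a process, so an unsynchronised read during an update could act on a half-written flag set. The comment should name the lock and the inheritance rule, for example `/* per-process security flags; protected by p_lock */`, assuming `p_lock` is the intended lock, which the hunk does not show. The member is also inserted mid-structure, which shifts the offset of every later field, so it is worth confirming that no out-of-tree consumer depends on the old layout. The enclosing struct begins and ends outside this hunk.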