Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 62,71 ****
--- 62,72 ----
#include <sys/pset.h>
#include <sys/procfs_isa.h>
#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/param.h>
+ #include <sys/secflags.h>
/*
* System call interfaces for /proc.
*/
*** 396,405 ****
--- 397,417 ----
uint32_t pr_setsize; /* size of privilege set */
uint32_t pr_infosize; /* size of supplementary data */
priv_chunk_t pr_sets[1]; /* array of sets */
} prpriv_t;
+ #define PRSECFLAGS_VERSION_1 1
+ #define PRSECFLAGS_VERSION_CURRENT PRSECFLAGS_VERSION_1
+ typedef struct prsecflags {
+ uint32_t pr_version;
+ char pr_pad[4];
+ secflagset_t pr_effective;
+ secflagset_t pr_inherit;
+ secflagset_t pr_lower;
+ secflagset_t pr_upper;
+ } prsecflags_t;
+
/*
* Watchpoint interface. PCWATCH and /proc/<pid>/watch
*/
typedef struct prwatch {
uintptr_t pr_vaddr; /* virtual address of watched area */
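Review bot: The new `prsecflags_t` members have no comments, unlike the neighbouring `prpriv_t` and `prwatch` fields, so neither the role of `pr_pad` nor the versioning contract is stated. I would annotate them, e.g. `uint32_t pr_version; /* ABI version, PRSECFLAGS_VERSION_* */` and `char pr_pad[4]; /* explicit padding, always zero */`, and give one-line descriptions of the effective/inherit/lower/upper sets. Because this header describes structures handed to userland through /proc, the code that fills the structure (not visible in this hunk) should zero the whole struct, including `pr_pad`, before copying it out, otherwise the pad bytes could disclose stale kernel memory. It would also help to state in a comment above the typedef that consumers must compare `pr_version` with `PRSECFLAGS_VERSION_CURRENT` before interpreting the sets, and that writers supplying an unknown version are rejected, assuming that is the intended behaviour.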