7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -185,11 +185,11 @@
          * The basic_test privilege should not be removed from E;
          * if that has happened, then some programmer typically set the E/P to
          * empty. That is not portable.
          */
         if ((type == PRIV_EFFECTIVE || type == PRIV_PERMITTED) &&
-            priv_basic_test >= 0 && !PRIV_ISASSERT(target, priv_basic_test)) {
+            priv_basic_test >= 0 && !PRIV_ISMEMBER(target, priv_basic_test)) {
                 proc_t *p = curproc;
                 pid_t pid = p->p_pid;
                 char *fn = PTOU(p)->u_comm;
 
                 cmn_err(CE_WARN, "%s[%d]: setppriv: basic_test privilege "