7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 39,48 ****
--- 39,50 ----
  #include <dlfcn.h>
  #include <libld.h>
  #include <sgs.h>
  #include <sgsmsg.h>
  
+ #include <sys/secflags.h>
+ 
  #ifdef  __cplusplus
  extern "C" {
  #endif
  
  /*
*** 323,332 ****
--- 325,340 ----
  typedef union {
          Conv_inv_buf_t                  inv_buf;
          char                            buf[CONV_CNOTE_PROC_FLAG_BUFSIZE];
  } Conv_cnote_proc_flag_buf_t;
  
+ /* conv_prsecflags() */
+ #define CONV_PRSECFLAGS_BUFSIZE         57
+ typedef union {
+         Conv_inv_buf_t                  inv_buf;
+         char                            buf[CONV_PRSECFLAGS_BUFSIZE];
+ } Conv_secflags_buf_t;
  
  /* conv_cnote_sigset() */
  #define CONV_CNOTE_SIGSET_BUFSIZE       639
  typedef union {
          Conv_inv_buf_t                  inv_buf;
*** 820,829 ****
--- 828,839 ----
                              Conv_inv_buf_t *);
  extern  const char      *conv_cnote_pr_why(short, Conv_fmt_flags_t,
                              Conv_inv_buf_t *);
  extern  const char      *conv_cnote_priv(int, Conv_fmt_flags_t,
                              Conv_inv_buf_t *);
+ extern  const char      *conv_prsecflags(secflagset_t, Conv_fmt_flags_t,
+                             Conv_secflags_buf_t *);
  extern  const char      *conv_cnote_psetid(int, Conv_fmt_flags_t,
                              Conv_inv_buf_t *);
  extern  const char      *conv_cnote_sa_flags(int, Conv_fmt_flags_t,
                              Conv_cnote_sa_flags_buf_t *);
  extern  const char      *conv_cnote_signal(Word, Conv_fmt_flags_t,