il_7029 Cdiff usr/src/lib/libbsm/adt

Print this page

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


*** 171,180 ****
--- 171,184 ----
  #REQUIRED           count          CDATA #REQUIRED >
  
  <!-- privilege token --> <!ELEMENT privilege      (#PCDATA)> <!ATTLIST
  privilege           set-type  CDATA #REQUIRED >
  
+ <!-- secflags token --> <!ELEMENT secflags        (#PCDATA)> <!ATTLIST
+ secflags       set-type  CDATA #REQUIRED >
+ 
+ 
  <!-- use_of_privilege token --> <!ELEMENT use_of_privilege  (#PCDATA)>
  <!ATTLIST use_of_privilege         result         CDATA #REQUIRED >
  
  <!-- sensitivity_label token --> <!ELEMENT sensitivity_label     (#PCDATA)>