Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -838,10 +838,27 @@
The full size of the structure can be computed using
PRIV_PRPRIV_SIZE(prpriv_t *).
+ secflags
+ This file contains the security-flags of the process. It contains a
+ description of the security flags associated with the process.
+
+ typedef struct prsecflags {
+ uint32_t pr_version; /* ABI Versioning of this structure */
+ secflagset_t pr_effective; /* Effective flags */
+ secflagset_t pr_inherit; /* Inheritable flags */
+ secflagset_t pr_lower; /* Lower flags */
+ secflagset_t pr_upper; /* Upper flags */
+ } prsecflags_t;
+
+
+
+ The pr_version field is a version number for the structure, currently
+ PRSECFLAGS_VERSION_1.
+
sigact
Contains an array of sigaction structures describing the current
dispositions of all signals associated with the traced process (see
sigaction(2)). Signal numbers are displaced by 1 from array indices, so
that the action for signal number n appears in position n-1 of the
@@ -2185,11 +2202,11 @@
readlink(2), readv(2), shmget(2), sigaction(2), sigaltstack(2),
vfork(2), write(2), writev(2), _stack_grow(3C), readdir(3C),
pthread_create(3C), pthread_join(3C), siginfo.h(3HEAD),
signal.h(3HEAD), thr_create(3C), thr_join(3C), types32.h(3HEAD),
ucontext.h(3HEAD), wait(3C), contract(4), core(4), process(4),
- lfcompile(5), privileges(5)
+ lfcompile(5), privileges(5), security-flags(5)
DIAGNOSTICS
Errors that can occur in addition to the errors normally associated
with file system access:
@@ -2318,6 +2335,6 @@
<sys/regset.h> are similar to but not the same as the types prgregset_t
and prfpregset_t defined in <procfs.h>.
- March 31, 2013 PROC(4)
+ July 23, 2015 PROC(4)