Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man5/privileges.5.man.txt
          +++ new/usr/src/man/man5/privileges.5.man.txt
↓ open down ↓ 355 lines elided ↑ open up ↑
 356  356             Allow a process to elevate its priority above its current level.
 357  357  
 358  358  
 359  359         PRIV_PROC_PRIOCNTL
 360  360  
 361  361             Allows all that PRIV_PROC_PRIOUP allows.  Allow a process to change
 362  362             its scheduling class to any scheduling class, including the RT
 363  363             class.
 364  364  
 365  365  
      366 +       PRIV_PROC_SECFLAGS
      367 +
      368 +           Allow a process to manipulate the secflags of processes (subject
      369 +           to, additionally, the ability to signal that process).
      370 +
      371 +
 366  372         PRIV_PROC_SESSION
 367  373  
 368  374             Allow a process to send signals or trace processes outside its
 369  375             session.
 370  376  
 371  377  
 372  378         PRIV_PROC_SETID
 373  379  
 374  380             Allow a process to set its UIDs at will, assuming UID 0 requires
 375  381             all privileges to be asserted.
↓ open down ↓ 547 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX