Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man5/privileges.5
          +++ new/usr/src/man/man5/privileges.5
↓ open down ↓ 564 lines elided ↑ open up ↑
 565  565  .sp .6
 566  566  .RS 4n
 567  567  Allows all that PRIV_PROC_PRIOUP allows.
 568  568  Allow a process to change its scheduling class to any scheduling class,
 569  569  including the RT class.
 570  570  .RE
 571  571  
 572  572  .sp
 573  573  .ne 2
 574  574  .na
      575 +\fB\PRIV_PROC_SECFLAGS\fR
      576 +.ad
      577 +.sp .6
      578 +.RS 4n
      579 +Allow a process to manipulate the secflags of processes (subject to,
      580 +additionally, the ability to signal that process).
      581 +.RE
      582 +
      583 +.sp
      584 +.ne 2
      585 +.na
 575  586  \fB\fBPRIV_PROC_SESSION\fR\fR
 576  587  .ad
 577  588  .sp .6
 578  589  .RS 4n
 579  590  Allow a process to send signals or trace processes outside its session.
 580  591  .RE
 581  592  
 582  593  .sp
 583  594  .ne 2
 584  595  .na
↓ open down ↓ 767 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX