7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 134,143 ****
--- 134,147 ----
  
  $(OBJS_DIR)/%.o:                $(COMMONBASE)/crypto/des/%.c
          $(COMPILE.c) -o $@ $<
          $(CTFCONVERT_O)
  
+ $(OBJS_DIR)/%.o:                $(COMMONBASE)/secflags/%.c
+         $(COMPILE.c) -o $@ $<
+         $(CTFCONVERT_O)
+ 
  $(OBJS_DIR)/%.o:                $(COMMONBASE)/smbios/%.c
          $(COMPILE.c) -o $@ $<
          $(CTFCONVERT_O)
  
  $(OBJS_DIR)/%.o:                $(UTSBASE)/common/des/%.c
*** 1690,1699 ****
--- 1694,1706 ----
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
  $(LINTS_DIR)/%.ln:              $(COMMONBASE)/crypto/des/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
+ $(LINTS_DIR)/%.ln:              $(COMMONBASE)/secflags/%.c
+         @($(LHEAD) $(LINT.c) $< $(LTAIL))
+ 
  $(LINTS_DIR)/%.ln:              $(COMMONBASE)/smbios/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))
  
  $(LINTS_DIR)/%.ln:              $(UTSBASE)/common/avs/ncall/%.c
          @($(LHEAD) $(LINT.c) $< $(LTAIL))