Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -46,10 +46,11 @@
 #include <sys/rctl.h>
 #include <sys/list.h>
 #include <sys/avl.h>
 #include <sys/door_impl.h>
 #include <sys/signalfd.h>
+#include <sys/secflags.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 

@@ -347,10 +348,11 @@
         uintptr_t       p_portcnt;      /* event ports counter */
         struct zone     *p_zone;        /* zone in which process lives */
         struct vnode    *p_execdir;     /* directory that p_exec came from */
         struct brand    *p_brand;       /* process's brand  */
         void            *p_brand_data;  /* per-process brand state */
+        psecflags_t     p_secflags;     /* per-process security flags */
 
         /* additional lock to protect p_sessp (but not its contents) */
         kmutex_t p_splock;
         rctl_qty_t      p_locked_mem;   /* locked memory charged to proc */
                                         /* protected by p_lock */