7029 want per-process exploit mitigation features (secflags)

7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>

1 files changed, 12 insertions, 1 deletions

diff --git a/usr/src/man/man5/privileges.5 b/usr/src/man/man5/privileges.5
index 9c39864f8c..53b86177e2 100644
--- a/usr/src/man/man5/privileges.5
+++ b/usr/src/man/man5/privileges.5
@@ -4,7 +4,7 @@
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PRIVILEGES 5 "April 9, 2016"
+.TH PRIVILEGES 5 "Jun 6, 2016"
 .SH NAME
 privileges \- process privilege model
 .SH DESCRIPTION
@@ -572,6 +572,17 @@ including the RT class.
 .sp
 .ne 2
 .na
+\fB\PRIV_PROC_SECFLAGS\fR
+.ad
+.sp .6
+.RS 4n
+Allow a process to manipulate the secflags of processes (subject to,
+additionally, the ability to signal that process).
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBPRIV_PROC_SESSION\fR\fR
 .ad
 .sp .6