D19308.id54252.diff

Index: lib/libc/sys/procctl.2
===================================================================
--- lib/libc/sys/procctl.2
+++ lib/libc/sys/procctl.2
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 12, 2018
+.Dd February 23, 2019
.Dt PROCCTL 2
.Os
.Sh NAME
@@ -72,6 +72,46 @@
argument.
The following commands are supported:
.Bl -tag -width "Dv PROC_TRAPCAP_STATUS"
+.It Dv PROC_ASLR_CTL
+Controls the Address Space Layour Randomization (ASLR) in the program
+images created
+by
+.Xr execve 2
+in the specified process or its descendants that did not changed
+the control nor modified it by other means.
+The
+.Xa arg
+parameter must point to the integer variable holding one of the following
+values:
+.Bl -tag -width "Dv PROC_ASLR_FORCE_DISABLE"
+.It Dv PROC_ASLR_FORCE_ENABLE
+Request that ASLR is enabled after execution, even if it is disabled
+system-wide.
+The image flag and set-uid might prevent ASLR enablement still.
+.It Dv PROC_ASLR_FORCE_DISABLE
+Request that ASLR is disabled after execution.
+Same notes as for
+.Dv PROC_ASKR_FORCE_ENABLE
+apply.
+.It Dv PROC_ASLR_NOFORCE
+Use system-wide configured policy for ASLR.
+.El
+.It Dv PROC_ASLR_STATUS
+Returns the current status of ASLR enablement for the target process.
+The
+.Va arg
+parameter must point to the integer variable, where one of the
+following values is written:
+.Bl -tag -width "Dv PROC_ASLR_FORCE_DISABLE"
+.It Dv PROC_ASLR_FORCE_ENABLE
+.It Dv PROC_ASLR_FORCE_DISABLE
+.It Dv PROC_ASLR_NOFORCE
+.El
+.Pp
+If the currently executed image in the process itself has ASLR enabled,
+the
+.Dv PROC_ASLR_ACTIVE
+flag is or-ed with the value listed above.
.It Dv PROC_SPROTECT
Set process protection state.
This is used to mark a process as protected from being killed if the system
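Review bot: Three markup and spelling errors in the new PROC_ASLR_CTL entry will show up in the rendered page: "Layour" should be "Layout", the cross-reference ".Dv PROC_ASKR_FORCE_ENABLE" under PROC_ASLR_FORCE_DISABLE should be PROC_ASLR_FORCE_ENABLE, and ".Xa arg" should be ".Va arg" to match the PROC_ASLR_STATUS entry. The phrase "that did not changed the control nor modified it by other means" also needs rewording ("did not change"), and it would help to say what "other means" covers. Since this is a hardening control, the sentence "The image flag and set-uid might prevent ASLR enablement still" should name the image flag and state that a PROC_ASLR_FORCE_ENABLE request can go unhonoured without an error, pointing the reader at PROC_ASLR_STATUS and the PROC_ASLR_ACTIVE bit as the way to confirm the effective state.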
Index: usr.bin/proccontrol/Makefile
===================================================================
--- usr.bin/proccontrol/Makefile
+++ usr.bin/proccontrol/Makefile
@@ -2,6 +2,5 @@
PROG= proccontrol
WARNS?= 6
-MAN=
.include <bsd.prog.mk>
Index: usr.bin/proccontrol/proccontrol.1
===================================================================
--- /dev/null
+++ usr.bin/proccontrol/proccontrol.1
@@ -0,0 +1,123 @@
+.\" Copyright (c) 2019 The FreeBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation was written by
+.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
+.\" from the FreeBSD Foundation.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd February 22, 2019
+.Dt PROCCONTROL 1
+.Os
+.Sh NAME
+.Nm proccontrol
+.Nd Control some process execution aspects
+.Sh SYNOPSIS
+.Nm
+.Fl m Ar mode
+.Op Fl s Ar control
+.Op Fl q
+.Fl p Ar pid | command
+.Sh DESCRIPTION
+The
+.Nm
+command modifies the execution parameter of existing process
+specified by the
+.Ar pid
+argument, or starts execution of the new program
+.Ar command
+with the execution parameter set for it.
+.Pp
+Which execution parameter is changed, selected by the mandatory
+parameter
+.Ar mode .
+Possible values for
+.Ar mode
+are:
+.Bl -tag -width Ar trapcap
+.It Ar aslr
+Control the Address Space Layout Randomization.
+Only applicable to the new process spawned.
+.It Ar trace
+Control the permission for debuggers to attach.
+.It Ar trapcap
+Controls the signalling of capability mode access violations.
+.El
+.Pp
+The
+Ar control
+specifies if the selected
+.Ar mode
+should be enabled or disabled.
+Possible values are
+.Ar enable
+and
+.Ar disable ,
+with the default value being
+.Ar enable
+if not specified.
+See
+.Xr procctl 2
+for detailed description of each mode effects and interaction with other
+process control facilities.
+.Pp
+The
+.Op Fl q
+switch makes the utility query and print the current setting for
+the selected mode.
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+.Bl -bullet
+.It
+To disable debuggers attachment to the process 1020, execute
+.Dl "proccontrol -m trace -s disable -p 1020"
+.It
+To execute the
+.Xr uniq 1
+program in a mode where capability access violations cause
+.Dv SIGTRAP
+delivery, do
+.Dl "proccontrol -m trapcap uniq"
+.It
+To query the current ASLR enablement mode for the running
+process 1020, do
+.Dl "proccontrol -m aslr -q -p 1020"
+.El
+.Sh SEE ALSO
+.Xr kill 2 ,
+.Xr procctl 2 ,
+.Xr ptrace 2
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Fx 10.0 .
+.Sh AUTHORS
+The
+.Nm
+command and this manual page were written by
+.An Konstantin Belousov Aq Mt kib@freebsd.org
+under sponsorship from The FreeBSD Foundation.
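Review bot: In the DESCRIPTION paragraph that introduces the control argument, the line "Ar control" is missing its leading dot, so mdoc will print it as literal text instead of marking up the argument; it should be ".Ar control". Two related markup points: ".Op Fl q" in the prose describing the switch should be ".Fl q" (the brackets belong only in SYNOPSIS), and in SYNOPSIS ".Fl p Ar pid | command" leaves "command" unmarked and does not show that -s and -q are alternatives. The aslr item says "Only applicable to the new process spawned" while EXAMPLES includes "proccontrol -m aslr -q -p 1020"; if the restriction applies to setting the mode and querying an existing pid is supported, the item should say so explicitly. The wording "Which execution parameter is changed, selected by the mandatory parameter" is also missing a verb ("is selected by").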
