lib/libc/sys/procctl.2
Show First 20 Lines • Show All 385 Lines • ▼ Show 20 Lines | |||||
.Dv PROC_TRAPCAP_CTL_ENABLE | .Dv PROC_TRAPCAP_CTL_ENABLE | ||||
value if the process control enables signal delivery, and to | value if the process control enables signal delivery, and to | ||||
.Dv PROC_TRAPCAP_CTL_DISABLE | .Dv PROC_TRAPCAP_CTL_DISABLE | ||||
otherwise. | otherwise. | ||||
.Pp | .Pp | ||||
See the note about sysctl | See the note about sysctl | ||||
.Dv kern.trap_enotcap | .Dv kern.trap_enotcap | ||||
above, which gives independent global control of signal delivery. | above, which gives independent global control of signal delivery. | ||||
.It Dv PROC_PDEATHSIG_SET | |||||
Request the delivery of a signal when the parent of the calling | |||||
process exits. | |||||
.Fa id_type | |||||
must be | |||||
.Dv P_PID | |||||
and | |||||
.Fa id | |||||
must be the either caller's pid or 0, with no difference in effect. | |||||
kib: I think it would be useful to note that zero acts the same as the caller pid.
The value is cleared for the children | |||||
of fork() and when executing set-user-ID or set-group-ID binaries. | |||||
jilles: for child processes (since this is not just `fork()` but also `vfork()`, `rfork()` and `pdfork()`)
.Fa arg | |||||
must point to a value of type int indicating the signal | |||||
jilles: `.Vt int`
that should be delivered to the caller. | |||||
Use zero to cancel a previously requested signal delivery. | |||||
.It Dv PROC_PDEATHSIG_GET | |||||
Query the current signal number that will be delivered when the parent | |||||
of the calling process exits. | |||||
.Fa id_type | |||||
must be | |||||
.Dv P_PID | |||||
and | |||||
.Fa id | |||||
must be the either caller's pid or 0, with no difference in effect. | |||||
.Fa arg | |||||
must point to a memory location that can hold a value of type int. | |||||
jilles: `.Vt int`
If signal delivery has not been requested, it will contain zero | |||||
on return. | |||||
.El | .El | ||||
.Sh NOTES | .Sh NOTES | ||||
Disabling tracing on a process should not be considered a security | Disabling tracing on a process should not be considered a security | ||||
feature, as it is bypassable both by the kernel and privileged processes, | feature, as it is bypassable both by the kernel and privileged processes, | ||||
and via other system mechanisms. | and via other system mechanisms. | ||||
As such, it should not be utilized to reliably protect cryptographic | As such, it should not be utilized to reliably protect cryptographic | ||||
keying material or other confidential data. | keying material or other confidential data. | ||||
.Sh RETURN VALUES | .Sh RETURN VALUES | ||||
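Review bot: The PROC_PDEATHSIG_SET entry says the signal is delivered "when the parent of the calling process exits" but does not say what the caller gets if the parent has already exited by the time the request is made. A sentence stating that case would help, because a child that issues the request right after being created cannot tell from this text whether it also has to check for a parent that is already gone. Separately, "must be the either caller's pid or 0" appears in both the PROC_PDEATHSIG_SET and PROC_PDEATHSIG_GET entries and should read "must be either the caller's pid or 0".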
▲ Show 20 Lines • Show All 80 Lines • ▼ Show 20 Lines | |||||
.It Bq Er EINVAL | .It Bq Er EINVAL | ||||
The value of the integer | The value of the integer | ||||
.Fa data | .Fa data | ||||
parameter for the | parameter for the | ||||
.Dv PROC_TRACE_CTL | .Dv PROC_TRACE_CTL | ||||
or | or | ||||
.Dv PROC_TRAPCAP_CTL | .Dv PROC_TRAPCAP_CTL | ||||
request is invalid. | request is invalid. | ||||
.It Bq Er EINVAL | |||||
The | |||||
.Dv PROC_PDEATHSIG_SET | |||||
or | |||||
.Dv PROC_PDEATHSIG_GET | |||||
request referenced an unsupported id, id_type or invalid signal number. | |||||
jilles: `.Fa id` and `.Fa id_type`
.El | .El | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr dtrace 1 , | .Xr dtrace 1 , | ||||
.Xr cap_enter 2, | .Xr cap_enter 2, | ||||
.Xr kill 2 , | .Xr kill 2 , | ||||
.Xr ktrace 2 , | .Xr ktrace 2 , | ||||
.Xr ptrace 2 , | .Xr ptrace 2 , | ||||
.Xr wait 2 , | .Xr wait 2 , | ||||
.Xr capsicum 4 , | .Xr capsicum 4 , | ||||
.Xr hwpmc 4 , | .Xr hwpmc 4 , | ||||
.Xr init 8 | .Xr init 8 | ||||
.Sh HISTORY | .Sh HISTORY | ||||
The | The | ||||
.Fn procctl | .Fn procctl | ||||
function appeared in | function appeared in | ||||
.Fx 10.0 . | .Fx 10.0 . | ||||
The reaper facility is based on a similar feature of Linux and | The reaper facility is based on a similar feature of Linux and | ||||
DragonflyBSD, and first appeared in | DragonflyBSD, and first appeared in | ||||
.Fx 10.2 . | .Fx 10.2 . | ||||
The | |||||
.Dv PROC_PDEATHSIG_SET | |||||
facility is based on the prctl(PR_SET_PDEATHSIG, ...) feature of Linux, | |||||
and first appeared in | |||||
.Fx 12.0 . | |||||
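Review bot: The new HISTORY paragraph names only PROC_PDEATHSIG_SET, although PROC_PDEATHSIG_GET is introduced by the same change and gets its own entry and EINVAL text. Naming both requests here would keep the section complete. The literal "prctl(PR_SET_PDEATHSIG, ...)" on the following line is plain text in an otherwise marked-up page and could use the same macros as the rest of the section. The new EINVAL entry also folds three distinct causes (unsupported id, unsupported id_type, invalid signal number) into one sentence, so a caller reading it cannot tell which argument to fix; listing them separately would be clearer.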
mjg: A remark about the corner case of clearing the flag on creds-changing exec would be useful, but I don't know how to bolt it in here.
munro_ip9.org: That is covered by the following man page hunk:
+The value is cleared for the children
+of…