Changeset View
Changeset View
Standalone View
Standalone View
head/lib/libc/sys/procctl.2
| Show All 23 Lines | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| .\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd April 9, 2019 | .Dd August 31, 2019 | ||||
| .Dt PROCCTL 2 | .Dt PROCCTL 2 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm procctl | .Nm procctl | ||||
| .Nd control processes | .Nd control processes | ||||
| .Sh LIBRARY | .Sh LIBRARY | ||||
| .Lb libc | .Lb libc | ||||
| .Sh SYNOPSIS | .Sh SYNOPSIS | ||||
| ▲ Show 20 Lines • Show All 457 Lines • ▼ Show 20 Lines | |||||
| and | and | ||||
| .Fa id | .Fa id | ||||
| must be the either caller's pid or zero, with no difference in effect. | must be the either caller's pid or zero, with no difference in effect. | ||||
| .Fa arg | .Fa arg | ||||
| must point to a memory location that can hold a value of type | must point to a memory location that can hold a value of type | ||||
| .Vt int . | .Vt int . | ||||
| If signal delivery has not been requested, it will contain zero | If signal delivery has not been requested, it will contain zero | ||||
| on return. | on return. | ||||
| .It Dv PROC_STACKGAP_CTL | |||||
| Controls the stack gaps in the specified process. | |||||
| A stack gap is the part of the growth area for a | |||||
| .Dv MAP_STACK | |||||
| mapped region that is reserved and never filled by memory. | |||||
| Instead, the process is guaranteed to receive a | |||||
| .Dv SIGSEGV | |||||
| signal on accessing pages in the gap. | |||||
| Gaps protect against stack overflow corrupting memory adjacent | |||||
| to the stack. | |||||
| .Pp | |||||
| The | |||||
| .Fa data | |||||
| argument must point to an integer variable containing flags. | |||||
| The following flags are allowed: | |||||
| .Bl -tag -width PROC_STACKGAP_DISABLE_EXEC | |||||
| .It Dv PROC_STACKGAP_ENABLE | |||||
| This flag is only accepted for consistency with | |||||
| .Dv PROC_STACKGAP_STATUS . | |||||
| If stack gaps are enabled, the flag is ignored. | |||||
| If disabled, the flag causes an | |||||
| .Ev EINVAL | |||||
| error to be returned. | |||||
| After gaps are disabled in a process, they can only be re-enabled when an | |||||
| .Xr execve 2 | |||||
| is performed. | |||||
| .It Dv PROC_STACKGAP_DISABLE | |||||
| Disable stack gaps for the process. | |||||
| For existing stacks, the gap is no longer a reserved part of the growth | |||||
| area and can be filled by memory on access. | |||||
| .It Dv PROC_STACKGAP_ENABLE_EXEC | |||||
| Enable stack gaps for programs started after an | |||||
| .Xr execve 2 | |||||
| by the specified process. | |||||
| .It Dv PROC_STACKGAP_DISABLE_EXEC | |||||
| Inherit disabled stack gaps state after | |||||
| .Xr execve 2 . | |||||
| In other words, if the currently executing program has stack gaps disabled, | |||||
| they are kept disabled on exec. | |||||
| If gaps were enabled, they are kept enabled after exec. | |||||
| .El | |||||
| .Pp | |||||
| The stack gap state is inherited from the parent on | |||||
| .Xr fork 2 . | |||||
| .It Dv PROC_STACKGAP_STATUS | |||||
| Returns the current stack gap state for the specified process. | |||||
| .Fa data | |||||
| must point to an integer variable, which is used to return a bitmask | |||||
| consisting of the following flags: | |||||
| .Bl -tag -width PROC_STACKGAP_DISABLE_EXEC | |||||
| .It Dv PROC_STACKGAP_ENABLE | |||||
| Stack gaps are enabled. | |||||
| .It Dv PROC_STACKGAP_DISABLE | |||||
| Stack gaps are disabled. | |||||
| .It Dv PROC_STACKGAP_ENABLE_EXEC | |||||
| Stack gaps are enabled in the process after | |||||
| .Xr execve 2 . | |||||
| .It Dv PROC_STACKGAP_DISABLE_EXEC | |||||
| Stack gaps are disabled in the process after | |||||
| .Xr execve 2 . | |||||
| .El | |||||
| .El | .El | ||||
| .Sh NOTES | .Sh NOTES | ||||
| Disabling tracing on a process should not be considered a security | Disabling tracing on a process should not be considered a security | ||||
| feature, as it is bypassable both by the kernel and privileged processes, | feature, as it is bypassable both by the kernel and privileged processes, | ||||
| and via other system mechanisms. | and via other system mechanisms. | ||||
| As such, it should not be utilized to reliably protect cryptographic | As such, it should not be utilized to reliably protect cryptographic | ||||
| keying material or other confidential data. | keying material or other confidential data. | ||||
| .Sh RETURN VALUES | .Sh RETURN VALUES | ||||
| ▲ Show 20 Lines • Show All 130 Lines • Show Last 20 Lines | |||||