head/lib/libc/sys/procctl.2
Show All 23 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd April 9, 2019 | .Dd August 31, 2019 | ||||
.Dt PROCCTL 2 | .Dt PROCCTL 2 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm procctl | .Nm procctl | ||||
.Nd control processes | .Nd control processes | ||||
.Sh LIBRARY | .Sh LIBRARY | ||||
.Lb libc | .Lb libc | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
▲ Show 20 Lines • Show All 457 Lines • ▼ Show 20 Lines | |||||
and | and | ||||
.Fa id | .Fa id | ||||
must be the either caller's pid or zero, with no difference in effect. | must be the either caller's pid or zero, with no difference in effect. | ||||
.Fa arg | .Fa arg | ||||
must point to a memory location that can hold a value of type | must point to a memory location that can hold a value of type | ||||
.Vt int . | .Vt int . | ||||
If signal delivery has not been requested, it will contain zero | If signal delivery has not been requested, it will contain zero | ||||
on return. | on return. | ||||
.It Dv PROC_STACKGAP_CTL | |||||
Controls the stack gaps in the specified process. | |||||
A stack gap is the part of the growth area for a | |||||
.Dv MAP_STACK | |||||
mapped region that is reserved and never filled by memory. | |||||
Instead, the process is guaranteed to receive a | |||||
.Dv SIGSEGV | |||||
signal on accessing pages in the gap. | |||||
Gaps protect against stack overflow corrupting memory adjacent | |||||
to the stack. | |||||
.Pp | |||||
The | |||||
.Fa data | |||||
argument must point to an integer variable containing flags. | |||||
The following flags are allowed: | |||||
.Bl -tag -width PROC_STACKGAP_DISABLE_EXEC | |||||
.It Dv PROC_STACKGAP_ENABLE | |||||
This flag is only accepted for consistency with | |||||
.Dv PROC_STACKGAP_STATUS . | |||||
If stack gaps are enabled, the flag is ignored. | |||||
If disabled, the flag causes an | |||||
.Ev EINVAL | |||||
error to be returned. | |||||
After gaps are disabled in a process, they can only be re-enabled when an | |||||
.Xr execve 2 | |||||
is performed. | |||||
.It Dv PROC_STACKGAP_DISABLE | |||||
Disable stack gaps for the process. | |||||
For existing stacks, the gap is no longer a reserved part of the growth | |||||
area and can be filled by memory on access. | |||||
.It Dv PROC_STACKGAP_ENABLE_EXEC | |||||
Enable stack gaps for programs started after an | |||||
.Xr execve 2 | |||||
by the specified process. | |||||
.It Dv PROC_STACKGAP_DISABLE_EXEC | |||||
Inherit disabled stack gaps state after | |||||
.Xr execve 2 . | |||||
In other words, if the currently executing program has stack gaps disabled, | |||||
they are kept disabled on exec. | |||||
If gaps were enabled, they are kept enabled after exec. | |||||
.El | |||||
.Pp | |||||
The stack gap state is inherited from the parent on | |||||
.Xr fork 2 . | |||||
.It Dv PROC_STACKGAP_STATUS | |||||
Returns the current stack gap state for the specified process. | |||||
.Fa data | |||||
must point to an integer variable, which is used to return a bitmask | |||||
consisting of the following flags: | |||||
.Bl -tag -width PROC_STACKGAP_DISABLE_EXEC | |||||
.It Dv PROC_STACKGAP_ENABLE | |||||
Stack gaps are enabled. | |||||
.It Dv PROC_STACKGAP_DISABLE | |||||
Stack gaps are disabled. | |||||
.It Dv PROC_STACKGAP_ENABLE_EXEC | |||||
Stack gaps are enabled in the process after | |||||
.Xr execve 2 . | |||||
.It Dv PROC_STACKGAP_DISABLE_EXEC | |||||
Stack gaps are disabled in the process after | |||||
.Xr execve 2 . | |||||
.El | |||||
.El | .El | ||||
.Sh NOTES | .Sh NOTES | ||||
Disabling tracing on a process should not be considered a security | Disabling tracing on a process should not be considered a security | ||||
feature, as it is bypassable both by the kernel and privileged processes, | feature, as it is bypassable both by the kernel and privileged processes, | ||||
and via other system mechanisms. | and via other system mechanisms. | ||||
As such, it should not be utilized to reliably protect cryptographic | As such, it should not be utilized to reliably protect cryptographic | ||||
keying material or other confidential data. | keying material or other confidential data. | ||||
.Sh RETURN VALUES | .Sh RETURN VALUES | ||||
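Review bot: PROC_STACKGAP_DISABLE_EXEC is described with different semantics in the two flag lists. Under PROC_STACKGAP_CTL it means "carry the current state across execve" ("If gaps were enabled, they are kept enabled after exec"), while under PROC_STACKGAP_STATUS it is an unconditional "Stack gaps are disabled in the process after execve". This flag decides whether a stack-overflow protection survives into an exec'd program, so both entries should state the same behaviour; suggest rewording whichever entry does not match what the kernel does. The PROC_STACKGAP_CTL text should also say which flags may be combined in one call (ENABLE with DISABLE, ENABLE_EXEC with DISABLE_EXEC) and what is returned for a conflicting combination. Two mdoc points in the same hunk: `.Ev EINVAL` under PROC_STACKGAP_ENABLE should be `.Er EINVAL`, since `.Ev` marks environment variables, and the added text names the argument `.Fa data` while the unchanged paragraph just above it uses `.Fa arg`, so one of the two does not match the SYNOPSIS.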
▲ Show 20 Lines • Show All 130 Lines • Show Last 20 Lines |