lib/libc/sys/procctl.2
Stack gaps are disabled. | Stack gaps are disabled. | ||||
.It Dv PROC_STACKGAP_ENABLE_EXEC | .It Dv PROC_STACKGAP_ENABLE_EXEC | ||||
Stack gaps are enabled in the process after | Stack gaps are enabled in the process after | ||||
.Xr execve 2 . | .Xr execve 2 . | ||||
.It Dv PROC_STACKGAP_DISABLE_EXEC | .It Dv PROC_STACKGAP_DISABLE_EXEC | ||||
Stack gaps are disabled in the process after | Stack gaps are disabled in the process after | ||||
.Xr execve 2 . | .Xr execve 2 . | ||||
.El | .El | ||||
.It Dv PROC_NO_NEW_PRIVS_CTL | |||||
Allows one to ignore the SUID and SGID bits on the program | |||||
images created by | |||||
kib: s/created/activated
.Xr execve 2 | |||||
in the specified process or its descendants. | |||||
kib: I do not think that 'descendants' is right. It makes an impression that all existing children get this treatment, which is not true. Probably a better wording would be '... process and its future descendants'.
The | |||||
.Fa data | |||||
parameter must point to the integer variable holding the following | |||||
value: | |||||
.Bl -tag -width PROC_NO_NEW_PRIVS_ENABLE | |||||
.It Dv PROC_NO_NEW_PRIVS_ENABLE | |||||
Request SUID and SGID bits to be ignored. | |||||
.El | |||||
.Pp | |||||
It is not possible to disable it once it has been enabled. | |||||
.It Dv PROC_NO_NEW_PRIVS_STATUS | |||||
Returns the current status of SETUID/SGID enablement for the target process. | |||||
kib: Either SETUID/SETGID, or SUID/SGID.
The | |||||
.Fa data | |||||
parameter must point to the integer variable, where one of the | |||||
following values is written: | |||||
.Bl -tag -width PROC_NO_NEW_PRIVS_DISABLE | |||||
.It Dv PROC_NO_NEW_PRIVS_ENABLE | |||||
.It Dv PROC_NO_NEW_PRIVS_DISABLE | |||||
kib: Didn't you miss .El there?
.El | .El | ||||
.Sh x86 MACHINE-SPECIFIC REQUESTS | .Sh x86 MACHINE-SPECIFIC REQUESTS | ||||
.Bl -tag -width PROC_KPTI_STATUS | .Bl -tag -width PROC_KPTI_STATUS | ||||
.It Dv PROC_KPTI_CTL | .It Dv PROC_KPTI_CTL | ||||
AMD64 only. | AMD64 only. | ||||
Controls the Kernel Page Table Isolation (KPTI) option for the children | Controls the Kernel Page Table Isolation (KPTI) option for the children | ||||
of the specified process. | of the specified process. | ||||
For the command to work, the | For the command to work, the | ||||
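Review bot: In the PROC_NO_NEW_PRIVS_STATUS entry, "Returns the current status of SETUID/SGID enablement" reads inverted against the values it lists. Under PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_ENABLE is the request for SUID and SGID bits to be ignored, so a reader can take an ENABLE result from the status call to mean that the bits are honoured. Suggest phrasing the sentence in terms of the mode itself, for example "Returns whether SUID and SGID bits are ignored for the target process", and giving each of the two ".It Dv" items in the status list a one-line description, since both are currently bare tags with no text. The sentence "It is not possible to disable it once it has been enabled." would also be clearer with its subject named, because the nearest noun before it is the SUID/SGID bits rather than the control.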