Differential D33704 Diff 101477 usr.bin/proccontrol/proccontrol.c

Changeset View

Standalone View

usr.bin/proccontrol/proccontrol.c

Show All 38 Lines
#include <unistd.h>		#include <unistd.h>

enum {		enum {
MODE_ASLR,		MODE_ASLR,
MODE_INVALID,		MODE_INVALID,
MODE_TRACE,		MODE_TRACE,
MODE_TRAPCAP,		MODE_TRAPCAP,
MODE_PROTMAX,		MODE_PROTMAX,
MODE_STACKGAP,
MODE_NO_NEW_PRIVS,		MODE_NO_NEW_PRIVS,
MODE_WXMAP,		MODE_WXMAP,
#ifdef PROC_KPTI_CTL		#ifdef PROC_KPTI_CTL
MODE_KPTI,		MODE_KPTI,
#endif		#endif
#ifdef PROC_LA_CTL		#ifdef PROC_LA_CTL
MODE_LA57,		MODE_LA57,
MODE_LA48,		MODE_LA48,
Show All 25 Lines
#define LA_USAGE		#define LA_USAGE
#endif		#endif

static void __dead2		static void __dead2
usage(void)		usage(void)
{		{

fprintf(stderr, "Usage: proccontrol -m (aslr\|protmax\|trace\|trapcap\|"		fprintf(stderr, "Usage: proccontrol -m (aslr\|protmax\|trace\|trapcap\|"
"stackgap\|nonewprivs\|wxmap"KPTI_USAGE LA_USAGE") [-q] "		"nonewprivs\|wxmap"KPTI_USAGE LA_USAGE") [-q] "
"[-s (enable\|disable)] [-p pid \| command]\n");		"[-s (enable\|disable)] [-p pid \| command]\n");
exit(1);		exit(1);
}		}

int		int
main(int argc, char *argv[])		main(int argc, char *argv[])
{		{
int arg, ch, error, mode;		int arg, ch, error, mode;
Show All 10 Lines	case 'm':
if (strcmp(optarg, "aslr") == 0)		if (strcmp(optarg, "aslr") == 0)
mode = MODE_ASLR;		mode = MODE_ASLR;
else if (strcmp(optarg, "protmax") == 0)		else if (strcmp(optarg, "protmax") == 0)
mode = MODE_PROTMAX;		mode = MODE_PROTMAX;
else if (strcmp(optarg, "trace") == 0)		else if (strcmp(optarg, "trace") == 0)
mode = MODE_TRACE;		mode = MODE_TRACE;
else if (strcmp(optarg, "trapcap") == 0)		else if (strcmp(optarg, "trapcap") == 0)
mode = MODE_TRAPCAP;		mode = MODE_TRAPCAP;
else if (strcmp(optarg, "stackgap") == 0)
mode = MODE_STACKGAP;
else if (strcmp(optarg, "nonewprivs") == 0)		else if (strcmp(optarg, "nonewprivs") == 0)
mode = MODE_NO_NEW_PRIVS;		mode = MODE_NO_NEW_PRIVS;
else if (strcmp(optarg, "wxmap") == 0)		else if (strcmp(optarg, "wxmap") == 0)
mode = MODE_WXMAP;		mode = MODE_WXMAP;
#ifdef PROC_KPTI_CTL		#ifdef PROC_KPTI_CTL
else if (strcmp(optarg, "kpti") == 0)		else if (strcmp(optarg, "kpti") == 0)
mode = MODE_KPTI;		mode = MODE_KPTI;
#endif		#endif
▲ Show 20 Lines • Show All 46 Lines • ▼ Show 20 Lines	case MODE_TRACE:
error = procctl(P_PID, pid, PROC_TRACE_STATUS, &arg);		error = procctl(P_PID, pid, PROC_TRACE_STATUS, &arg);
break;		break;
case MODE_TRAPCAP:		case MODE_TRAPCAP:
error = procctl(P_PID, pid, PROC_TRAPCAP_STATUS, &arg);		error = procctl(P_PID, pid, PROC_TRAPCAP_STATUS, &arg);
break;		break;
case MODE_PROTMAX:		case MODE_PROTMAX:
error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);		error = procctl(P_PID, pid, PROC_PROTMAX_STATUS, &arg);
break;		break;
case MODE_STACKGAP:
error = procctl(P_PID, pid, PROC_STACKGAP_STATUS, &arg);
break;
case MODE_NO_NEW_PRIVS:		case MODE_NO_NEW_PRIVS:
error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_STATUS,		error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_STATUS,
&arg);		&arg);
break;		break;
case MODE_WXMAP:		case MODE_WXMAP:
error = procctl(P_PID, pid, PROC_WXMAP_STATUS, &arg);		error = procctl(P_PID, pid, PROC_WXMAP_STATUS, &arg);
break;		break;
#ifdef PROC_KPTI_CTL		#ifdef PROC_KPTI_CTL
▲ Show 20 Lines • Show All 61 Lines • ▼ Show 20 Lines	case MODE_PROTMAX:
printf("not forced");		printf("not forced");
break;		break;
}		}
if ((arg & PROC_PROTMAX_ACTIVE) != 0)		if ((arg & PROC_PROTMAX_ACTIVE) != 0)
printf(", active\n");		printf(", active\n");
else		else
printf(", not active\n");		printf(", not active\n");
break;		break;
case MODE_STACKGAP:
switch (arg & (PROC_STACKGAP_ENABLE \|
PROC_STACKGAP_DISABLE)) {
case PROC_STACKGAP_ENABLE:
printf("enabled\n");
break;
case PROC_STACKGAP_DISABLE:
printf("disabled\n");
break;
}
switch (arg & (PROC_STACKGAP_ENABLE_EXEC \|
PROC_STACKGAP_DISABLE_EXEC)) {
case PROC_STACKGAP_ENABLE_EXEC:
printf("enabled after exec\n");
break;
case PROC_STACKGAP_DISABLE_EXEC:
printf("disabled after exec\n");
break;
}
break;
case MODE_NO_NEW_PRIVS:		case MODE_NO_NEW_PRIVS:
switch (arg) {		switch (arg) {
case PROC_NO_NEW_PRIVS_ENABLE:		case PROC_NO_NEW_PRIVS_ENABLE:
printf("enabled\n");		printf("enabled\n");
break;		break;
case PROC_NO_NEW_PRIVS_DISABLE:		case PROC_NO_NEW_PRIVS_DISABLE:
printf("disabled\n");		printf("disabled\n");
break;		break;
▲ Show 20 Lines • Show All 64 Lines • ▼ Show 20 Lines	case MODE_TRAPCAP:
arg = enable ? PROC_TRAPCAP_CTL_ENABLE :		arg = enable ? PROC_TRAPCAP_CTL_ENABLE :
PROC_TRAPCAP_CTL_DISABLE;		PROC_TRAPCAP_CTL_DISABLE;
error = procctl(P_PID, pid, PROC_TRAPCAP_CTL, &arg);		error = procctl(P_PID, pid, PROC_TRAPCAP_CTL, &arg);
break;		break;
case MODE_PROTMAX:		case MODE_PROTMAX:
arg = enable ? PROC_PROTMAX_FORCE_ENABLE :		arg = enable ? PROC_PROTMAX_FORCE_ENABLE :
PROC_PROTMAX_FORCE_DISABLE;		PROC_PROTMAX_FORCE_DISABLE;
error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);		error = procctl(P_PID, pid, PROC_PROTMAX_CTL, &arg);
break;
case MODE_STACKGAP:
arg = enable ? PROC_STACKGAP_ENABLE_EXEC :
(PROC_STACKGAP_DISABLE \|
PROC_STACKGAP_DISABLE_EXEC);
error = procctl(P_PID, pid, PROC_STACKGAP_CTL, &arg);
break;		break;
case MODE_NO_NEW_PRIVS:		case MODE_NO_NEW_PRIVS:
arg = enable ? PROC_NO_NEW_PRIVS_ENABLE :		arg = enable ? PROC_NO_NEW_PRIVS_ENABLE :
PROC_NO_NEW_PRIVS_DISABLE;		PROC_NO_NEW_PRIVS_DISABLE;
error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_CTL,		error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_CTL,
&arg);		&arg);
break;		break;
case MODE_WXMAP:		case MODE_WXMAP:
Show All 36 Lines