diff options
Diffstat (limited to 'usr.bin/proccontrol/proccontrol.1')
| -rw-r--r-- | usr.bin/proccontrol/proccontrol.1 | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 new file mode 100644 index 000000000000..817e9b5865bc --- /dev/null +++ b/usr.bin/proccontrol/proccontrol.1 @@ -0,0 +1,146 @@ +.\" Copyright (c) 2019 The FreeBSD Foundation +.\" +.\" This documentation was written by +.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship +.\" from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd December 14, 2024 +.Dt PROCCONTROL 1 +.Os +.Sh NAME +.Nm proccontrol +.Nd Control some process execution aspects +.Sh SYNOPSIS +.Nm +.Fl m Ar mode +.Fl s Ar control +.Fl p Ar pid | command +.Nm +.Fl m Ar mode +.Fl q +.Op Fl p Ar pid | command +.Sh DESCRIPTION +The +.Nm +command modifies the execution parameter of existing process +specified by the +.Ar pid +argument, or starts execution of the new program +.Ar command +with the execution parameter set for it. +.Pp +Which execution parameter is changed, selected by the mandatory +parameter +.Ar mode . +Possible values for +.Ar mode +are: +.Bl -tag -width logsigexit +.It Ar aslr +Control the Address Space Layout Randomization. +Only applicable to the new process spawned. +.It Ar trace +Control the permission for debuggers to attach. +Note that process is only allowed to enable tracing for itself, +not for any other process. +.It Ar trapcap +Controls the signalling of capability mode access violations. +.It Ar protmax +Controls the implicit PROT_MAX application for +.Xr mmap 2 . +.It Ar nonewprivs +Controls disabling the setuid and sgid bits for +.Xr execve 2 . +.It Ar wxmap +Controls the write exclusive execute mode for mappings. +.It Ar kpti +Controls the KPTI enable, AMD64 only. +.It Ar la48 +Control limiting usermode process address space to 48 bits of address, +AMD64 only, on machines capable of 57-bit addressing. +.It Ar logsigexit +Controls the logging of exits due to a signal that would normally cause a core +dump. +.El +.Pp +The +.Ar control +specifies if the selected +.Ar mode +should be enabled or disabled. +Possible values are +.Ar enable +and +.Ar disable , +with the default value being +.Ar enable +if not specified. +See +.Xr procctl 2 +for detailed description of each mode effects and interaction with other +process control facilities. +.Pp +The +.Fl q +switch makes the utility query and print the current setting for +the selected mode. +The +.Fl q +requires the query target process specification with +.Fl p . +.Sh EXIT STATUS +.Ex -std +.Sh EXAMPLES +.Bl -bullet +.It +To disable debuggers attachment to the process 1020, execute +.Dl "proccontrol -m trace -s disable -p 1020" +.It +To execute the +.Xr uniq 1 +program in a mode where capability access violations cause +.Dv SIGTRAP +delivery, do +.Dl "proccontrol -m trapcap uniq" +.It +To query the current ASLR enablement mode for the running +process 1020, do +.Dl "proccontrol -m aslr -q -p 1020" +.El +.Sh SEE ALSO +.Xr kill 2 , +.Xr procctl 2 , +.Xr ptrace 2 , +.Xr mitigations 7 +.Sh HISTORY +The +.Nm +command appeared in +.Fx 10.0 . +.Sh AUTHORS +The +.Nm +command and this manual page were written by +.An Konstantin Belousov Aq Mt kib@freebsd.org +under sponsorship from The FreeBSD Foundation. |