2003-12-11 13:29:05 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
|
|
|
|
.\"
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" This program is free software.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.\" $FreeBSD$
|
2004-07-06 07:26:23 +00:00
|
|
|
.\"
|
2003-12-11 13:29:05 +00:00
|
|
|
.Dd November 11, 2003
|
|
|
|
.Os
|
2004-07-06 07:26:23 +00:00
|
|
|
.Dt P_CANDEBUG 9
|
2003-12-11 13:29:05 +00:00
|
|
|
.Sh NAME
|
|
|
|
.Nm p_candebug
|
|
|
|
.Nd determine debuggability of a process
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.In sys/proc.h
|
|
|
|
.Ft int
|
|
|
|
.Fn p_candebug "struct thread *td" "struct proc *p"
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
This function can be used to determine if a given process
|
|
|
|
.Fa p
|
|
|
|
is debuggable by the thread
|
|
|
|
.Fa td .
|
2004-07-06 07:26:23 +00:00
|
|
|
.Sh SYSCTL VARIABLES
|
2003-12-11 13:29:05 +00:00
|
|
|
The following
|
|
|
|
.Xr sysctl 8
|
2004-07-06 07:26:23 +00:00
|
|
|
variables directly influence the behaviour of
|
2003-12-11 13:29:05 +00:00
|
|
|
.Fn p_candebug :
|
|
|
|
.Bl -tag -width indent
|
|
|
|
.It Va kern.securelevel
|
2004-07-06 07:26:23 +00:00
|
|
|
Debugging of the init process is not allowed if this variable is
|
2003-12-11 13:29:05 +00:00
|
|
|
.Li 1
|
|
|
|
or greater.
|
|
|
|
.It Va security.bsd.unprivileged_proc_debug
|
2004-07-06 07:26:23 +00:00
|
|
|
Must be set to a non-zero value to allow unprivileged processes
|
2003-12-11 13:29:05 +00:00
|
|
|
access to the kernel's debug facilities.
|
|
|
|
.El
|
|
|
|
.Sh RETURN VALUES
|
2004-07-06 07:26:23 +00:00
|
|
|
The
|
2003-12-11 13:29:05 +00:00
|
|
|
.Fn p_candebug
|
2004-07-06 07:26:23 +00:00
|
|
|
function
|
2003-12-11 13:29:05 +00:00
|
|
|
returns
|
|
|
|
.Li 0
|
|
|
|
if the process denoted by
|
2004-07-06 07:26:23 +00:00
|
|
|
.Fa p
|
2003-12-11 13:29:05 +00:00
|
|
|
is debuggable by thread
|
2004-07-06 07:26:23 +00:00
|
|
|
.Fa td ,
|
2003-12-11 13:29:05 +00:00
|
|
|
or a non-zero error return value otherwise.
|
|
|
|
.Sh ERRORS
|
|
|
|
.Bl -tag -width Er
|
|
|
|
.It Bq Er EACCESS
|
|
|
|
The MAC subsystem denied debuggability.
|
|
|
|
.It Bq Er EAGAIN
|
|
|
|
Process
|
|
|
|
.Fa p
|
|
|
|
is in the process of being
|
|
|
|
.Fn exec Ns 'ed.
|
|
|
|
.It Bq Er EPERM
|
|
|
|
Thread
|
|
|
|
.Fa td
|
|
|
|
lacks super-user credentials and process
|
|
|
|
.Fa p
|
2004-07-06 07:26:23 +00:00
|
|
|
is executing a set-user-ID or set-group-ID executable.
|
2003-12-11 13:29:05 +00:00
|
|
|
.It Bq Er EPERM
|
|
|
|
Thread
|
|
|
|
.Fa td
|
|
|
|
lacks super-user credentials and process
|
|
|
|
.Fa p Ns 's
|
|
|
|
group set is not a subset of
|
|
|
|
.Fa td Ns 's
|
|
|
|
effective group set.
|
|
|
|
.It Bq Er EPERM
|
|
|
|
Thread
|
|
|
|
.Fa td
|
|
|
|
lacks super-user credentials and process
|
|
|
|
.Fa p Ns 's
|
2004-07-06 07:26:23 +00:00
|
|
|
user IDs do not match thread
|
2003-12-11 13:29:05 +00:00
|
|
|
.Fa td Ns 's
|
2004-07-06 07:26:23 +00:00
|
|
|
effective user ID.
|
2003-12-11 13:29:05 +00:00
|
|
|
.It Bq Er EPERM
|
|
|
|
Process
|
|
|
|
.Fa p
|
|
|
|
denotes the initial process
|
|
|
|
.Fn initproc
|
2004-07-06 07:26:23 +00:00
|
|
|
and the
|
|
|
|
.Xr sysctl 8
|
|
|
|
variable
|
2003-12-11 13:29:05 +00:00
|
|
|
.Va kern.securelevel
|
|
|
|
is greater than zero.
|
|
|
|
.It Bq Er ESRCH
|
|
|
|
Process
|
|
|
|
.Fa p
|
|
|
|
is not visible to thread
|
|
|
|
.Fa td
|
|
|
|
as determined by
|
|
|
|
.Xr cr_seeotheruids 9
|
|
|
|
or
|
|
|
|
.Xr cr_seeothergids 9 .
|
|
|
|
.It Bq Er ESRCH
|
|
|
|
Thread
|
|
|
|
.Fa td
|
|
|
|
has been jailed and process
|
|
|
|
.Fa p
|
|
|
|
does not belong to the same jail as
|
|
|
|
.Fa td .
|
|
|
|
.It Bq Er ESRCH
|
|
|
|
The MAC subsystem denied debuggability.
|
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr intro 2 ,
|
|
|
|
.Xr jail 2 ,
|
|
|
|
.Xr sysctl 8 ,
|
|
|
|
.Xr cr_seeothergids 9 ,
|
2004-07-04 20:55:50 +00:00
|
|
|
.Xr cr_seeotheruids 9 ,
|
2003-12-11 13:29:05 +00:00
|
|
|
.Xr mac 9 ,
|
|
|
|
.Xr prison_check 9
|