procctl(2): document ASLR knobs.
Reviewed by: 0mp Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D19308
This commit is contained in:
Konstantin Belousov
parent
80a3fa4893
commit
9fb91a0a7d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=344593
@ -72,6 +72,46 @@ The control request to perform is specified by the
|
||||
argument.
|
||||
The following commands are supported:
|
||||
.Bl -tag -width PROC_TRAPCAP_STATUS
|
||||
.It Dv PROC_ASLR_CTL
|
||||
Controls the Address Space Layout Randomization (ASLR) in the program
|
||||
images created
|
||||
by
|
||||
.Xr execve 2
|
||||
in the specified process or its descendants that did not changed
|
||||
the control nor modified it by other means.
|
||||
The
|
||||
.Va arg
|
||||
parameter must point to the integer variable holding one of the following
|
||||
values:
|
||||
.Bl -tag -width PROC_ASLR_FORCE_DISABLE
|
||||
.It Dv PROC_ASLR_FORCE_ENABLE
|
||||
Request that ASLR is enabled after execution, even if it is disabled
|
||||
system-wide.
|
||||
The image flag and set-uid might prevent ASLR enablement still.
|
||||
.It Dv PROC_ASLR_FORCE_DISABLE
|
||||
Request that ASLR is disabled after execution.
|
||||
Same notes as for
|
||||
.Dv PROC_ASKR_FORCE_ENABLE
|
||||
apply.
|
||||
.It Dv PROC_ASLR_NOFORCE
|
||||
Use system-wide configured policy for ASLR.
|
||||
.El
|
||||
.It Dv PROC_ASLR_STATUS
|
||||
Returns the current status of ASLR enablement for the target process.
|
||||
The
|
||||
.Va arg
|
||||
parameter must point to the integer variable, where one of the
|
||||
following values is written:
|
||||
.Bl -tag -width PROC_ASLR_FORCE_DISABLE
|
||||
.It Dv PROC_ASLR_FORCE_ENABLE
|
||||
.It Dv PROC_ASLR_FORCE_DISABLE
|
||||
.It Dv PROC_ASLR_NOFORCE
|
||||
.El
|
||||
.Pp
|
||||
If the currently executed image in the process itself has ASLR enabled,
|
||||
the
|
||||
.Dv PROC_ASLR_ACTIVE
|
||||
flag is or-ed with the value listed above.
|
||||
.It Dv PROC_SPROTECT
|
||||
Set process protection state.
|
||||
This is used to mark a process as protected from being killed if the system
|
||||
@ -543,11 +583,16 @@ The
|
||||
.Fn procctl
|
||||
function appeared in
|
||||
.Fx 10.0 .
|
||||
.Pp
|
||||
The reaper facility is based on a similar feature of Linux and
|
||||
DragonflyBSD, and first appeared in
|
||||
.Fx 10.2 .
|
||||
.Pp
|
||||
The
|
||||
.Dv PROC_PDEATHSIG_CTL
|
||||
facility is based on the prctl(PR_SET_PDEATHSIG, ...) feature of Linux,
|
||||
and first appeared in
|
||||
.Fx 11.2 .
|
||||
.Pp
|
||||
The ASLR support was added to system for the checklists compliance in
|
||||
.Fx 13.0 .
|
||||
|
||||
Loading…
Reference in New Issue
Block a user