procctl: actually require debug privileges over target
for state control over TRACE, TRAPCAP, ASLR, PROTMAX, STACKGAP, NO_NEWPRIVS, and WXMAP. Reported by: emaste Reviewed by: emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32513
parent
1c4dbee5dd
commit
f5bb6e5a6d
@ -72,6 +72,14 @@ Control processes belonging to the process group with the ID
|
||||
The control request to perform is specified by the
|
||||
.Fa cmd
|
||||
argument.
|
||||
.Pp
|
||||
All status changing requests
|
||||
.Dv *_CTL
|
||||
require the caller to have the right to debug the target.
|
||||
All status query requests
|
||||
.DV *_STATUS
|
||||
require the caller to have the right to observe the target.
|
||||
.Pp
|
||||
The following commands are supported:
|
||||
.Bl -tag -width PROC_TRAPCAP_STATUS
|
||||
.It Dv PROC_ASLR_CTL
|
||||
|
@ -759,7 +759,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_TRACE_CTL] =
|
||||
{ .lock_tree = SA_SLOCKED, .one_proc = false,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = trace_ctl, .copyout_on_error = false, },
|
||||
[PROC_TRACE_STATUS] =
|
||||
@ -771,7 +771,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_TRAPCAP_CTL] =
|
||||
{ .lock_tree = SA_SLOCKED, .one_proc = false,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = trapcap_ctl, .copyout_on_error = false, },
|
||||
[PROC_TRAPCAP_STATUS] =
|
||||
@ -795,7 +795,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_ASLR_CTL] =
|
||||
{ .lock_tree = SA_UNLOCKED, .one_proc = true,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = aslr_ctl, .copyout_on_error = false, },
|
||||
[PROC_ASLR_STATUS] =
|
||||
@ -807,7 +807,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_PROTMAX_CTL] =
|
||||
{ .lock_tree = SA_UNLOCKED, .one_proc = true,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = protmax_ctl, .copyout_on_error = false, },
|
||||
[PROC_PROTMAX_STATUS] =
|
||||
@ -819,7 +819,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_STACKGAP_CTL] =
|
||||
{ .lock_tree = SA_UNLOCKED, .one_proc = true,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = stackgap_ctl, .copyout_on_error = false, },
|
||||
[PROC_STACKGAP_STATUS] =
|
||||
@ -831,7 +831,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_NO_NEW_PRIVS_CTL] =
|
||||
{ .lock_tree = SA_SLOCKED, .one_proc = true,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = no_new_privs_ctl, .copyout_on_error = false, },
|
||||
[PROC_NO_NEW_PRIVS_STATUS] =
|
||||
@ -843,7 +843,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = {
|
||||
[PROC_WXMAP_CTL] =
|
||||
{ .lock_tree = SA_UNLOCKED, .one_proc = true,
|
||||
.esrch_is_einval = false, .no_nonnull_data = false,
|
||||
.need_candebug = false,
|
||||
.need_candebug = true,
|
||||
.copyin_sz = sizeof(int), .copyout_sz = 0,
|
||||
.exec = wxmap_ctl, .copyout_on_error = false, },
|
||||
[PROC_WXMAP_STATUS] =
|
||||
|
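Review bot: `.need_candebug` is an opt-in field of `procctl_cmds_info[]`, so any entry that sets it to `false` (or omits it from its designated initializer and gets zero) fails open; that is the state this commit corrects for the seven `*_CTL` entries from `PROC_TRACE_CTL` to `PROC_WXMAP_CTL`. The check itself is presumably enforced where the table is consulted, which is outside these hunks. A comment above the table would state the rule next to the data, for example `/* *_CTL entries that change a target's state must set .need_candebug = true; justify any exception here. */`. A regression test asserting that a caller without debug rights over the target is refused for each of these seven commands would stop the flag from silently regressing. The table begins and continues outside the hunks, so whether the remaining `*_CTL` entries match the new man page sentence ("All status changing requests ... require the caller to have the right to debug the target") cannot be confirmed from this page.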