1.\" 2.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org> 3.\" 4.\" All rights reserved. 5.\" 6.\" This program is free software. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27.\" 28.\" $FreeBSD$ 29.\" 30.Dd November 11, 2003 31.Os 32.Dt P_CANDEBUG 9 33.Sh NAME 34.Nm p_candebug 35.Nd determine debuggability of a process 36.Sh SYNOPSIS 37.In sys/proc.h 38.Ft int 39.Fn p_candebug "struct thread *td" "struct proc *p" 40.Sh DESCRIPTION 41This function can be used to determine if a given process 42.Fa p 43is debuggable by the thread 44.Fa td . 45.Sh SYSCTL VARIABLES 46The following 47.Xr sysctl 8 48variables directly influence the behaviour of 49.Fn p_candebug : 50.Bl -tag -width indent 51.It Va kern.securelevel 52Debugging of the init process is not allowed if this variable is 53.Li 1 54or greater. 55.It Va security.bsd.unprivileged_proc_debug 56Must be set to a non-zero value to allow unprivileged processes 57access to the kernel's debug facilities. 58.El 59.Sh RETURN VALUES 60The 61.Fn p_candebug 62function 63returns 64.Li 0 65if the process denoted by 66.Fa p 67is debuggable by thread 68.Fa td , 69or a non-zero error return value otherwise. 70.Sh ERRORS 71.Bl -tag -width Er 72.It Bq Er EACCESS 73The MAC subsystem denied debuggability. 74.It Bq Er EAGAIN 75Process 76.Fa p 77is in the process of being 78.Fn exec Ns 'ed. 79.It Bq Er EPERM 80Thread 81.Fa td 82lacks super-user credentials and process 83.Fa p 84is executing a set-user-ID or set-group-ID executable. 85.It Bq Er EPERM 86Thread 87.Fa td 88lacks super-user credentials and process 89.Fa p Ns 's 90group set is not a subset of 91.Fa td Ns 's 92effective group set. 93.It Bq Er EPERM 94Thread 95.Fa td 96lacks super-user credentials and process 97.Fa p Ns 's 98user IDs do not match thread 99.Fa td Ns 's 100effective user ID. 101.It Bq Er EPERM 102Process 103.Fa p 104denotes the initial process 105.Fn initproc 106and the 107.Xr sysctl 8 108variable 109.Va kern.securelevel 110is greater than zero. 111.It Bq Er ESRCH 112Process 113.Fa p 114is not visible to thread 115.Fa td 116as determined by 117.Xr cr_seeotheruids 9 118or 119.Xr cr_seeothergids 9 . 120.It Bq Er ESRCH 121Thread 122.Fa td 123has been jailed and process 124.Fa p 125does not belong to the same jail as 126.Fa td . 127.It Bq Er ESRCH 128The MAC subsystem denied debuggability. 129.El 130.Sh SEE ALSO 131.Xr intro 2 , 132.Xr jail 2 , 133.Xr sysctl 8 , 134.Xr cr_seeothergids 9 , 135.Xr cr_seeotheruids 9 , 136.Xr mac 9 , 137.Xr prison_check 9 138