1.\" 2.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org> 3.\" 4.\" All rights reserved. 5.\" 6.\" This program is free software. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27.\" 28.\" $FreeBSD$ 29.Dd November 11, 2003 30.Os 31.Dt p_candebug 9 32.Sh NAME 33.Nm p_candebug 34.Nd determine debuggability of a process 35.Sh SYNOPSIS 36.In sys/proc.h 37.Ft int 38.Fn p_candebug "struct thread *td" "struct proc *p" 39.Sh DESCRIPTION 40This function can be used to determine if a given process 41.Fa p 42is debuggable by the thread 43.Fa td . 44.Sh SYSCTL TUNABLES 45The following 46.Xr sysctl 8 47tunables directly influence the behaviour of 48.Fn p_candebug : 49.Bl -tag -width indent 50.It Va kern.securelevel 51debugging of the init process is not allowed if this tunable is 52.Li 1 53or greater. 54.It Va security.bsd.unprivileged_proc_debug 55must be set to a non-zero value to allow unprivileged processes 56access to the kernel's debug facilities. 57.El 58.Sh RETURN VALUES 59.Fn p_candebug 60returns 61.Li 0 62if the process denoted by 63.Ar p 64is debuggable by thread 65.Ar td , 66or a non-zero error return value otherwise. 67.Sh ERRORS 68.Bl -tag -width Er 69.It Bq Er EACCESS 70The MAC subsystem denied debuggability. 71.It Bq Er EAGAIN 72Process 73.Fa p 74is in the process of being 75.Fn exec Ns 'ed. 76.It Bq Er EPERM 77Thread 78.Fa td 79lacks super-user credentials and process 80.Fa p 81is executing a set-user-id or set-group-id executable. 82.It Bq Er EPERM 83Thread 84.Fa td 85lacks super-user credentials and process 86.Fa p Ns 's 87group set is not a subset of 88.Fa td Ns 's 89effective group set. 90.It Bq Er EPERM 91Thread 92.Fa td 93lacks super-user credentials and process 94.Fa p Ns 's 95user ids do not match thread 96.Fa td Ns 's 97effective user id. 98.It Bq Er EPERM 99Process 100.Fa p 101denotes the initial process 102.Fn initproc 103and the sysctl tunable 104.Va kern.securelevel 105is greater than zero. 106.It Bq Er ESRCH 107Process 108.Fa p 109is not visible to thread 110.Fa td 111as determined by 112.Xr cr_seeotheruids 9 113or 114.Xr cr_seeothergids 9 . 115.It Bq Er ESRCH 116Thread 117.Fa td 118has been jailed and process 119.Fa p 120does not belong to the same jail as 121.Fa td . 122.It Bq Er ESRCH 123The MAC subsystem denied debuggability. 124.El 125.Sh SEE ALSO 126.Xr intro 2 , 127.Xr jail 2 , 128.Xr sysctl 8 , 129.Xr cr_seeotheruids 9 , 130.Xr cr_seeothergids 9 , 131.Xr mac 9 , 132.Xr prison_check 9 133