114653744SKonstantin Belousov.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. 214653744SKonstantin Belousov.\" All rights reserved. 314653744SKonstantin Belousov.\" 414653744SKonstantin Belousov.\" This documentation was written by 514653744SKonstantin Belousov.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship 614653744SKonstantin Belousov.\" from the FreeBSD Foundation. 714653744SKonstantin Belousov.\" 814653744SKonstantin Belousov.\" Redistribution and use in source and binary forms, with or without 914653744SKonstantin Belousov.\" modification, are permitted provided that the following conditions 1014653744SKonstantin Belousov.\" are met: 1114653744SKonstantin Belousov.\" 1. Redistributions of source code must retain the above copyright 1214653744SKonstantin Belousov.\" notice, this list of conditions and the following disclaimer. 1314653744SKonstantin Belousov.\" 2. Redistributions in binary form must reproduce the above copyright 1414653744SKonstantin Belousov.\" notice, this list of conditions and the following disclaimer in the 1514653744SKonstantin Belousov.\" documentation and/or other materials provided with the distribution. 1614653744SKonstantin Belousov.\" 1714653744SKonstantin Belousov.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 1814653744SKonstantin Belousov.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1914653744SKonstantin Belousov.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2014653744SKonstantin Belousov.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 2114653744SKonstantin Belousov.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2214653744SKonstantin Belousov.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2314653744SKonstantin Belousov.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2414653744SKonstantin Belousov.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2514653744SKonstantin Belousov.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2614653744SKonstantin Belousov.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2714653744SKonstantin Belousov.\" SUCH DAMAGE. 2814653744SKonstantin Belousov.\" 2914653744SKonstantin Belousov.\" $FreeBSD$ 3014653744SKonstantin Belousov.\" 31*acb1f126SEdward Tomasz Napierala.Dd July 2, 2021 3214653744SKonstantin Belousov.Dt PROCCONTROL 1 3314653744SKonstantin Belousov.Os 3414653744SKonstantin Belousov.Sh NAME 3514653744SKonstantin Belousov.Nm proccontrol 3614653744SKonstantin Belousov.Nd Control some process execution aspects 3714653744SKonstantin Belousov.Sh SYNOPSIS 3814653744SKonstantin Belousov.Nm 3914653744SKonstantin Belousov.Fl m Ar mode 4014653744SKonstantin Belousov.Op Fl s Ar control 4114653744SKonstantin Belousov.Op Fl q 4214653744SKonstantin Belousov.Fl p Ar pid | command 4314653744SKonstantin Belousov.Sh DESCRIPTION 4414653744SKonstantin BelousovThe 4514653744SKonstantin Belousov.Nm 4614653744SKonstantin Belousovcommand modifies the execution parameter of existing process 4714653744SKonstantin Belousovspecified by the 4814653744SKonstantin Belousov.Ar pid 4914653744SKonstantin Belousovargument, or starts execution of the new program 5014653744SKonstantin Belousov.Ar command 5114653744SKonstantin Belousovwith the execution parameter set for it. 5214653744SKonstantin Belousov.Pp 5314653744SKonstantin BelousovWhich execution parameter is changed, selected by the mandatory 5414653744SKonstantin Belousovparameter 5514653744SKonstantin Belousov.Ar mode . 5614653744SKonstantin BelousovPossible values for 5714653744SKonstantin Belousov.Ar mode 5814653744SKonstantin Belousovare: 5914653744SKonstantin Belousov.Bl -tag -width trapcap 6014653744SKonstantin Belousov.It Ar aslr 6114653744SKonstantin BelousovControl the Address Space Layout Randomization. 6214653744SKonstantin BelousovOnly applicable to the new process spawned. 6314653744SKonstantin Belousov.It Ar trace 6414653744SKonstantin BelousovControl the permission for debuggers to attach. 65504748bcSKonstantin BelousovNote that process is only allowed to enable tracing for itself, 66504748bcSKonstantin Belousovnot for any other process. 6714653744SKonstantin Belousov.It Ar trapcap 6814653744SKonstantin BelousovControls the signalling of capability mode access violations. 6946922074SKonstantin Belousov.It Ar protmax 7046922074SKonstantin BelousovControls the implicit PROT_MAX application for 7146922074SKonstantin Belousov.Xr mmap 2 . 72*acb1f126SEdward Tomasz Napierala.It Ar nonewprivs 73*acb1f126SEdward Tomasz NapieralaControls disabling the setuid and sgid bits for 74*acb1f126SEdward Tomasz Napierala.Xr execve 2 . 75fab66680SKonstantin Belousov.It Ar kpti 76fab66680SKonstantin BelousovControls the KPTI enable, AMD64 only. 77da477bcdSKonstantin Belousov.It Ar la48 78da477bcdSKonstantin BelousovControl limiting usermode process address space to 48 bits of address, 79da477bcdSKonstantin BelousovAMD64 only, on machines capable of 57-bit addressing. 8014653744SKonstantin Belousov.El 8114653744SKonstantin Belousov.Pp 8214653744SKonstantin BelousovThe 83504748bcSKonstantin Belousov.Ar control 8414653744SKonstantin Belousovspecifies if the selected 8514653744SKonstantin Belousov.Ar mode 8614653744SKonstantin Belousovshould be enabled or disabled. 8714653744SKonstantin BelousovPossible values are 8814653744SKonstantin Belousov.Ar enable 8914653744SKonstantin Belousovand 9014653744SKonstantin Belousov.Ar disable , 9114653744SKonstantin Belousovwith the default value being 9214653744SKonstantin Belousov.Ar enable 9314653744SKonstantin Belousovif not specified. 9414653744SKonstantin BelousovSee 9514653744SKonstantin Belousov.Xr procctl 2 9614653744SKonstantin Belousovfor detailed description of each mode effects and interaction with other 9714653744SKonstantin Belousovprocess control facilities. 9814653744SKonstantin Belousov.Pp 9914653744SKonstantin BelousovThe 100504748bcSKonstantin Belousov.Fl q 10114653744SKonstantin Belousovswitch makes the utility query and print the current setting for 10214653744SKonstantin Belousovthe selected mode. 103504748bcSKonstantin BelousovThe 104504748bcSKonstantin Belousov.Fl q 105504748bcSKonstantin Belousovrequires the query target process specification with 106504748bcSKonstantin Belousov.Fl p . 10714653744SKonstantin Belousov.Sh EXIT STATUS 10814653744SKonstantin Belousov.Ex -std 10914653744SKonstantin Belousov.Sh EXAMPLES 11014653744SKonstantin Belousov.Bl -bullet 11114653744SKonstantin Belousov.It 11214653744SKonstantin BelousovTo disable debuggers attachment to the process 1020, execute 11314653744SKonstantin Belousov.Dl "proccontrol -m trace -s disable -p 1020" 11414653744SKonstantin Belousov.It 11514653744SKonstantin BelousovTo execute the 11614653744SKonstantin Belousov.Xr uniq 1 11714653744SKonstantin Belousovprogram in a mode where capability access violations cause 11814653744SKonstantin Belousov.Dv SIGTRAP 11914653744SKonstantin Belousovdelivery, do 12014653744SKonstantin Belousov.Dl "proccontrol -m trapcap uniq" 12114653744SKonstantin Belousov.It 12214653744SKonstantin BelousovTo query the current ASLR enablement mode for the running 12314653744SKonstantin Belousovprocess 1020, do 12414653744SKonstantin Belousov.Dl "proccontrol -m aslr -q -p 1020" 12514653744SKonstantin Belousov.El 12614653744SKonstantin Belousov.Sh SEE ALSO 12714653744SKonstantin Belousov.Xr kill 2 , 12814653744SKonstantin Belousov.Xr procctl 2 , 12914653744SKonstantin Belousov.Xr ptrace 2 13014653744SKonstantin Belousov.Sh HISTORY 13114653744SKonstantin BelousovThe 13214653744SKonstantin Belousov.Nm 13314653744SKonstantin Belousovcommand appeared in 13414653744SKonstantin Belousov.Fx 10.0 . 13514653744SKonstantin Belousov.Sh AUTHORS 13614653744SKonstantin BelousovThe 13714653744SKonstantin Belousov.Nm 13814653744SKonstantin Belousovcommand and this manual page were written by 13914653744SKonstantin Belousov.An Konstantin Belousov Aq Mt kib@freebsd.org 14014653744SKonstantin Belousovunder sponsorship from The FreeBSD Foundation. 141