git: ac8af1938085 - main - proccontrol(1): Add wxmap control

Konstantin Belousov kib at FreeBSD.org
Fri Sep 17 12:59:11 UTC 2021


The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=ac8af1938085dae0df32db3229c9d5cb659b90a4

commit ac8af1938085dae0df32db3229c9d5cb659b90a4
Author:     Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-09-01 23:27:58 +0000
Commit:     Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-09-17 12:42:07 +0000

    proccontrol(1): Add wxmap control
    
    Reviewed by:    brooks, emaste, markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D31779
---
 usr.bin/proccontrol/proccontrol.1 |  4 +++-
 usr.bin/proccontrol/proccontrol.c | 24 +++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1
index b4ed6c268a6a..09ec49431293 100644
--- a/usr.bin/proccontrol/proccontrol.1
+++ b/usr.bin/proccontrol/proccontrol.1
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 2, 2021
+.Dd September 2, 2021
 .Dt PROCCONTROL 1
 .Os
 .Sh NAME
@@ -72,6 +72,8 @@ Controls the implicit PROT_MAX application for
 .It Ar nonewprivs
 Controls disabling the setuid and sgid bits for
 .Xr execve 2 .
+.It Ar wxmap
+Controls the write exclusive execute mode for mappings.
 .It Ar kpti
 Controls the KPTI enable, AMD64 only.
 .It Ar la48
diff --git a/usr.bin/proccontrol/proccontrol.c b/usr.bin/proccontrol/proccontrol.c
index 8b34ecbb06d4..d9237c4c6b33 100644
--- a/usr.bin/proccontrol/proccontrol.c
+++ b/usr.bin/proccontrol/proccontrol.c
@@ -46,6 +46,7 @@ enum {
 	MODE_PROTMAX,
 	MODE_STACKGAP,
 	MODE_NO_NEW_PRIVS,
+	MODE_WXMAP,
 #ifdef PROC_KPTI_CTL
 	MODE_KPTI,
 #endif
@@ -85,7 +86,7 @@ usage(void)
 {
 
 	fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|"
-	    "stackgap|nonewprivs"KPTI_USAGE LA_USAGE") [-q] "
+	    "stackgap|nonewprivs|wxmap"KPTI_USAGE LA_USAGE") [-q] "
 	    "[-s (enable|disable)] [-p pid | command]\n");
 	exit(1);
 }
@@ -116,6 +117,8 @@ main(int argc, char *argv[])
 				mode = MODE_STACKGAP;
 			else if (strcmp(optarg, "nonewprivs") == 0)
 				mode = MODE_NO_NEW_PRIVS;
+			else if (strcmp(optarg, "wxmap") == 0)
+				mode = MODE_WXMAP;
 #ifdef PROC_KPTI_CTL
 			else if (strcmp(optarg, "kpti") == 0)
 				mode = MODE_KPTI;
@@ -181,6 +184,9 @@ main(int argc, char *argv[])
 			error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_STATUS,
 			    &arg);
 			break;
+		case MODE_WXMAP:
+			error = procctl(P_PID, pid, PROC_WXMAP_STATUS, &arg);
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg);
@@ -281,6 +287,17 @@ main(int argc, char *argv[])
 				break;
 			}
 			break;
+		case MODE_WXMAP:
+			if ((arg & PROC_WX_MAPPINGS_PERMIT) != 0)
+				printf("enabled");
+			else
+				printf("disabled");
+			if ((arg & PROC_WX_MAPPINGS_DISALLOW_EXEC) != 0)
+				printf(", disabled on exec");
+			if ((arg & PROC_WXORX_ENFORCE) != 0)
+				printf(", wxorx enforced");
+			printf("\n");
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			switch (arg & ~PROC_KPTI_STATUS_ACTIVE) {
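Review bot: The `MODE_WXMAP` status case prints "enabled" when `PROC_WX_MAPPINGS_PERMIT` is set, so "enabled" reports that writable-and-executable mappings are allowed, which is the weaker state. Someone auditing a process can easily read it as "W^X protection is on", especially next to modes such as aslr where "enabled" means the mitigation is active. A comment above the first test would pin the sense down, e.g. `/* "enabled" = W+X mappings permitted; see "wxorx enforced" for actual enforcement */`, or the strings could name what is reported (`printf("wx mappings permitted")` / `printf("wx mappings disallowed")`). The case sits inside a switch in main that starts and ends outside this hunk.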
@@ -353,6 +370,11 @@ main(int argc, char *argv[])
 			error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_CTL,
 			    &arg);
 			break;
+		case MODE_WXMAP:
+			arg = enable ? PROC_WX_MAPPINGS_PERMIT :
+			    PROC_WX_MAPPINGS_DISALLOW_EXEC;
+			error = procctl(P_PID, pid, PROC_WXMAP_CTL, &arg);
+			break;
 #ifdef PROC_KPTI_CTL
 		case MODE_KPTI:
 			arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC :
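Review bot: In the `MODE_WXMAP` set case, `-s enable` and `-s disable` are not inverses: enable passes `PROC_WX_MAPPINGS_PERMIT`, while disable passes `PROC_WX_MAPPINGS_DISALLOW_EXEC`. Going by the flag name and the "disabled on exec" status string, the latter appears to take effect only at the target's next execve(2). With `-p pid`, an operator hardening a running process may therefore assume the current image can no longer create W+X mappings when nothing has changed for it yet. A comment here would make that explicit, e.g. `/* disable applies to images after the next execve(2); the current address space is unchanged */`, with a matching sentence under `wxmap` in proccontrol.1. The enclosing switch in main continues outside the hunk.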

