The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=ac8af1938085dae0df32db3229c9d5cb659b90a4
commit ac8af1938085dae0df32db3229c9d5cb659b90a4 Author: Konstantin Belousov <[email protected]> AuthorDate: 2021-09-01 23:27:58 +0000 Commit: Konstantin Belousov <[email protected]> CommitDate: 2021-09-17 12:42:07 +0000 proccontrol(1): Add wxmap control Reviewed by: brooks, emaste, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D31779 --- usr.bin/proccontrol/proccontrol.1 | 4 +++- usr.bin/proccontrol/proccontrol.c | 24 +++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 index b4ed6c268a6a..09ec49431293 100644 --- a/usr.bin/proccontrol/proccontrol.1 +++ b/usr.bin/proccontrol/proccontrol.1 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 2, 2021 +.Dd September 2, 2021 .Dt PROCCONTROL 1 .Os .Sh NAME @@ -72,6 +72,8 @@ Controls the implicit PROT_MAX application for .It Ar nonewprivs Controls disabling the setuid and sgid bits for .Xr execve 2 . +.It Ar wxmap +Controls the write exclusive execute mode for mappings. .It Ar kpti Controls the KPTI enable, AMD64 only. .It Ar la48 diff --git a/usr.bin/proccontrol/proccontrol.c b/usr.bin/proccontrol/proccontrol.c index 8b34ecbb06d4..d9237c4c6b33 100644 --- a/usr.bin/proccontrol/proccontrol.c +++ b/usr.bin/proccontrol/proccontrol.c @@ -46,6 +46,7 @@ enum { MODE_PROTMAX, MODE_STACKGAP, MODE_NO_NEW_PRIVS, + MODE_WXMAP, #ifdef PROC_KPTI_CTL MODE_KPTI, #endif @@ -85,7 +86,7 @@ usage(void) { fprintf(stderr, "Usage: proccontrol -m (aslr|protmax|trace|trapcap|" - "stackgap|nonewprivs"KPTI_USAGE LA_USAGE") [-q] " + "stackgap|nonewprivs|wxmap"KPTI_USAGE LA_USAGE") [-q] " "[-s (enable|disable)] [-p pid | command]\n"); exit(1); } @@ -116,6 +117,8 @@ main(int argc, char *argv[]) mode = MODE_STACKGAP; else if (strcmp(optarg, "nonewprivs") == 0) mode = MODE_NO_NEW_PRIVS; + else if (strcmp(optarg, "wxmap") == 0) + mode = MODE_WXMAP; #ifdef PROC_KPTI_CTL else if (strcmp(optarg, "kpti") == 0) mode = MODE_KPTI; @@ -181,6 +184,9 @@ main(int argc, char *argv[]) error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_STATUS, &arg); break; + case MODE_WXMAP: + error = procctl(P_PID, pid, PROC_WXMAP_STATUS, &arg); + break; #ifdef PROC_KPTI_CTL case MODE_KPTI: error = procctl(P_PID, pid, PROC_KPTI_STATUS, &arg); @@ -281,6 +287,17 @@ main(int argc, char *argv[]) break; } break; + case MODE_WXMAP: + if ((arg & PROC_WX_MAPPINGS_PERMIT) != 0) + printf("enabled"); + else + printf("disabled"); + if ((arg & PROC_WX_MAPPINGS_DISALLOW_EXEC) != 0) + printf(", disabled on exec"); + if ((arg & PROC_WXORX_ENFORCE) != 0) + printf(", wxorx enforced"); + printf("\n"); + break; #ifdef PROC_KPTI_CTL case MODE_KPTI: switch (arg & ~PROC_KPTI_STATUS_ACTIVE) { @@ -353,6 +370,11 @@ main(int argc, char *argv[]) error = procctl(P_PID, pid, PROC_NO_NEW_PRIVS_CTL, &arg); break; + case MODE_WXMAP: + arg = enable ? PROC_WX_MAPPINGS_PERMIT : + PROC_WX_MAPPINGS_DISALLOW_EXEC; + error = procctl(P_PID, pid, PROC_WXMAP_CTL, &arg); + break; #ifdef PROC_KPTI_CTL case MODE_KPTI: arg = enable ? PROC_KPTI_CTL_ENABLE_ON_EXEC : _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
