FreeBSD Manual Pages

home | help

PROCCONTROL(1)		    General Commands Manual		PROCCONTROL(1)

NAME
       proccontrol -- Control some process execution aspects

SYNOPSIS
       proccontrol -m mode -s control -p pid | command
       proccontrol -m mode -q [-p pid |	command]

DESCRIPTION
       The  proccontrol	 command  modifies the execution parameter of existing
       process specified by the	pid argument, or starts	execution of  the  new
       program command with the	execution parameter set	for it.

       Which execution parameter is changed, selected by the mandatory parame-
       ter mode.  Possible values for mode are:

       aslr	   Control  the	 Address Space Layout Randomization.  Only ap-
		   plicable to the new process spawned.

       trace	   Control the permission for debuggers	to attach.  Note  that
		   process  is	only allowed to	enable tracing for itself, not
		   for any other process.

       trapcap	   Controls the	signalling of capability  mode	access	viola-
		   tions.

       protmax	   Controls the	implicit PROT_MAX application for mmap(2).

       nonewprivs  Controls disabling the setuid and sgid bits for execve(2).

       wxmap	   Controls the	write exclusive	execute	mode for mappings.

       kpti	   Controls the	KPTI enable, AMD64 only.

       la48	   Control  limiting usermode process address space to 48 bits
		   of address, AMD64 only, on machines capable of  57-bit  ad-
		   dressing.

       logsigexit  Controls  the  logging  of exits due	to a signal that would
		   normally cause a core dump.

       The control specifies if	the selected mode should be  enabled  or  dis-
       abled.	Possible values	are enable and disable,	with the default value
       being enable if not specified.  See procctl(2) for detailed description
       of each mode effects and	interaction with other process control facili-
       ties.

       The -q switch makes the utility query and print the current setting for
       the selected mode.  The -q requires the query target process specifica-
       tion with -p.

EXIT STATUS
       The proccontrol utility exits 0 on success, and >0 if an	error occurs.

EXAMPLES
       •   To disable debuggers	attachment to the process 1020,	execute
		 proccontrol -m	trace -s disable -p 1020

       •   To execute the uniq(1) program in a mode  where  capability	access
	   violations cause SIGTRAP delivery, do
		 proccontrol -m	trapcap	uniq

       •   To  query  the current ASLR enablement mode for the running process
	   1020, do
		 proccontrol -m	aslr -q	-p 1020

SEE ALSO
       kill(2),	procctl(2), ptrace(2), mitigations(7)

HISTORY
       The proccontrol command appeared	in FreeBSD 10.0.

AUTHORS
       The proccontrol command and this	manual page were written by Konstantin
       Belousov	<kib@freebsd.org> under	sponsorship from The  FreeBSD  Founda-
       tion.

FreeBSD	15.0		       December	14, 2024		PROCCONTROL(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=proccontrol&sektion=1&manpath=FreeBSD+15.0-RELEASE+and+Ports>

home | help

Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages