diff --git a/lib/libc/sys/procctl.2 b/lib/libc/sys/procctl.2 index 7412c2ee9d5..97509d0fbf0 100644 --- a/lib/libc/sys/procctl.2 +++ b/lib/libc/sys/procctl.2 @@ -72,6 +72,14 @@ Control processes belonging to the process group with the ID The control request to perform is specified by the .Fa cmd argument. +.Pp +All status changing requests +.Dv *_CTL +require the caller to have the right to debug the target. +All status query requests +.DV *_STATUS +require the caller to have the right to observe the target. +.Pp The following commands are supported: .Bl -tag -width PROC_TRAPCAP_STATUS .It Dv PROC_ASLR_CTL diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c index 6229d214022..c3f078f96e8 100644 --- a/sys/kern/kern_procctl.c +++ b/sys/kern/kern_procctl.c @@ -759,7 +759,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_TRACE_CTL] = { .lock_tree = SA_SLOCKED, .one_proc = false, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = trace_ctl, .copyout_on_error = false, }, [PROC_TRACE_STATUS] = @@ -771,7 +771,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_TRAPCAP_CTL] = { .lock_tree = SA_SLOCKED, .one_proc = false, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = trapcap_ctl, .copyout_on_error = false, }, [PROC_TRAPCAP_STATUS] = @@ -795,7 +795,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_ASLR_CTL] = { .lock_tree = SA_UNLOCKED, .one_proc = true, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = aslr_ctl, .copyout_on_error = false, }, [PROC_ASLR_STATUS] = @@ -807,7 +807,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_PROTMAX_CTL] = { .lock_tree = SA_UNLOCKED, .one_proc = true, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = protmax_ctl, .copyout_on_error = false, }, [PROC_PROTMAX_STATUS] = @@ -819,7 +819,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_STACKGAP_CTL] = { .lock_tree = SA_UNLOCKED, .one_proc = true, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = stackgap_ctl, .copyout_on_error = false, }, [PROC_STACKGAP_STATUS] = @@ -831,7 +831,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_NO_NEW_PRIVS_CTL] = { .lock_tree = SA_SLOCKED, .one_proc = true, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = no_new_privs_ctl, .copyout_on_error = false, }, [PROC_NO_NEW_PRIVS_STATUS] = @@ -843,7 +843,7 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { [PROC_WXMAP_CTL] = { .lock_tree = SA_UNLOCKED, .one_proc = true, .esrch_is_einval = false, .no_nonnull_data = false, - .need_candebug = false, + .need_candebug = true, .copyin_sz = sizeof(int), .copyout_sz = 0, .exec = wxmap_ctl, .copyout_on_error = false, }, [PROC_WXMAP_STATUS] =