diff --git a/man2/prctl.2 b/man2/prctl.2 index e4deea803..337edd71c 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -37,9 +37,8 @@ .\" 2008-06-13 Erik Bosman, .\" Document PR_GET_TSC and PR_SET_TSC. .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP -.\" FIXME . reorder commands alphabetically .\" -.TH PRCTL 2 2008-07-15 "Linux" "Linux Programmer's Manual" +.TH PRCTL 2 2008-07-16 "Linux" "Linux Programmer's Manual" .SH NAME prctl \- operations on a process .SH SYNOPSIS 
@@ -56,66 +55,6 @@ is called with a first argument describing what to do arguments with a significance depending on the first one. The first argument can be: .TP -.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" -Set the parent process death signal -of the calling process to \fIarg2\fP (either a signal value -in the range 1..maxsig, or 0 to clear). -This is the signal that the calling process will get when its -parent dies. -This value is cleared for the child of a -.BR fork (2). -.TP -.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)" -Return the current value of the parent process death signal, -in the location pointed to by -.IR "(int\ *) arg2" . -.TP -.BR PR_SET_DUMPABLE " (since Linux 2.3.20)" -Set the state of the flag determining whether core dumps are produced -for this process upon delivery of a signal whose default behavior is -to produce a core dump. -(Normally this flag is set for a process by default, but it is cleared -when a set-user-ID or set-group-ID program is executed and also by -various system calls that manipulate process UIDs and GIDs). -In kernels up to and including 2.6.12, -.I arg2 -must be either 0 (process is not dumpable) or 1 (process is dumpable). -Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted, -which caused any binary which normally would not be dumped -to be dumped readable by root only; -for security reasons, this feature has been removed. -.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 -.\" Subject: Fix prctl privilege escalation (CVE-2006-2451) -.\" 
From: Marcel Holtmann -.\" Date: 2006-07-12 11:12:00 -(See also the description of -.I /proc/sys/fs/suid_dumpable -in -.BR proc (5).) -.TP -.BR PR_GET_DUMPABLE " (since Linux 2.3.20)" -Return (as the function result) the current state of the calling -process's dumpable flag. -.\" Since Linux 2.6.13, the dumpable flag can have the value 2, -.\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable -.\" flags has a non-zero value. This was fixed in 2.6.14. -.TP -.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" -Set the state of the thread's "keep capabilities" flag, -which determines whether the threads's effective and permitted -capability sets are cleared when a change is made to the threads's user IDs -such that the threads's real UID, effective UID, and saved set-user-ID -all become non-zero when at least one of them previously had the value 0. -(By default, these credential sets are cleared). -.I arg2 -must be either 0 (capabilities are cleared) or 1 (capabilities are kept). -This value will be reset to 0 on subsequent calls to -.BR execve (2). -.TP -.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" -Return (as the function result) the current state of the calling threads's -"keep capabilities" flag. -.TP .BR PR_CAPBSET_READ " (since Linux 2.6.25) Return (as the function result) 1 if the capability specified in .I arg2 
@@ -154,72 +93,35 @@ does not represent a valid capability; or if file capabilities are not enabled in the kernel, in which case bounding sets are not supported. .TP -.BR PR_SET_SECUREBITS " (since Linux 2.6.26)" -Set the "securebits" flags of the calling thread to the value supplied in -.IR arg2 . -See -.BR capabilities (7). -.TP -.BR PR_GET_SECUREBITS " (since Linux 2.6.26)" -Return (as the function result) -the "securebits" flags of the calling thread. -See -.BR capabilities (7). -.TP -.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)" -Set the state of the flag determining whether the timestamp counter -can be read by the process. -Pass -.B PR_TSC_ENABLE -to +.BR PR_SET_DUMPABLE " (since Linux 2.3.20)" +Set the state of the flag determining whether core dumps are produced +for this process upon delivery of a signal whose default behavior is +to produce a core dump. +(Normally this flag is set for a process by default, but it is cleared +when a set-user-ID or set-group-ID program is executed and also by +various system calls that manipulate process UIDs and GIDs). +In kernels up to and including 2.6.12, .I arg2 -to allow it to be read, or -.B PR_TSC_SIGSEGV -to generate a -.B SIGSEGV -when the process tries to read the timestamp counter. +must be either 0 (process is not dumpable) or 1 (process is dumpable). +Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted, +which caused any binary which normally would not be dumped +to be dumped readable by root only; +for security reasons, this feature has been removed. +.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 +.\" Subject: Fix prctl privilege escalation (CVE-2006-2451) +.\" 
From: Marcel Holtmann +.\" Date: 2006-07-12 11:12:00 +(See also the description of +.I /proc/sys/fs/suid_dumpable +in +.BR proc (5).) .TP -.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)" -Return the state of the flag determining whether the timestamp counter -can be read, -in the location pointed to by -.IR "(int\ *) arg2" . -.TP -.BR PR_SET_TIMING " (since Linux 2.6.0-test4)" -Set whether to use (normal, traditional) statistical process timing or -accurate timestamp based process timing, by passing -.B PR_TIMING_STATISTICAL -.\" 0 -or -.B PR_TIMING_TIMESTAMP -.\" 1 -to \fIarg2\fP. -.B PR_TIMING_TIMESTAMP -is not currently implemented -(attempting to set this mode will yield the error -.BR EINVAL ). -.\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8, -.\" and looking at the patch history, it appears -.\" that it never did anything. -.TP -.BR PR_GET_TIMING " (since Linux 2.6.0-test4)" -Return (as the function result) which process timing method is currently -in use. -.TP -.BR PR_SET_NAME " (since Linux 2.6.9)" -Set the process name for the calling process, -using the value in the location pointed to by -.IR "(char\ *) arg2" . -The name can be up to 16 bytes long, -.\" TASK_COMM_LEN in include/linux/sched.h -and should be null terminated if it contains fewer bytes. -.TP -.BR PR_GET_NAME " (since Linux 2.6.11)" -Return the process name for the calling process, -in the buffer pointed to by -.IR "(char\ *) arg2" . -The buffer should allow space for up to 16 bytes; -the returned string will be null terminated if it is shorter than that. +.BR PR_GET_DUMPABLE " (since Linux 2.3.20)" +Return (as the function result) the current state of the calling +process's dumpable flag. +.\" Since Linux 2.6.13, the dumpable flag can have the value 2, +.\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable +.\" flags has a non-zero value. This was fixed in 2.6.14. 
.TP .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)" Set the endian-ness of the calling process to the value given @@ -236,23 +138,6 @@ Return the endian-ness of the calling process, in the location pointed to by .IR "(int\ *) arg2" . .TP -.B PR_SET_UNALIGN -(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15; -PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22) -Set unaligned access control bits to \fIarg2\fP. -Pass -\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses, -or \fBPR_UNALIGN_SIGBUS\fP to generate -.B SIGBUS -on unaligned user access. -.TP -.B PR_GET_UNALIGN -(see -.B PR_SET_UNALIGN -for information on versions and architectures) -Return unaligned access control bits, in the location pointed to by -.IR "(int\ *) arg2" . -.TP .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" Set floating-point emulation control bits to \fIarg2\fP. Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations accesses, or 
@@ -283,6 +168,51 @@ Return floating-point exception mode, in the location pointed to by .IR "(int\ *) arg2" . .TP +.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" +Set the state of the thread's "keep capabilities" flag, +which determines whether the threads's effective and permitted +capability sets are cleared when a change is made to the threads's user IDs +such that the threads's real UID, effective UID, and saved set-user-ID +all become non-zero when at least one of them previously had the value 0. +(By default, these credential sets are cleared). +.I arg2 +must be either 0 (capabilities are cleared) or 1 (capabilities are kept). +This value will be reset to 0 on subsequent calls to +.BR execve (2). +.TP +.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" +Return (as the function result) the current state of the calling threads's +"keep capabilities" flag. +.TP +.BR PR_SET_NAME " (since Linux 2.6.9)" +Set the process name for the calling process, +using the value in the location pointed to by +.IR "(char\ *) arg2" . +The name can be up to 16 bytes long, +.\" TASK_COMM_LEN in include/linux/sched.h +and should be null terminated if it contains fewer bytes. +.TP +.BR PR_GET_NAME " (since Linux 2.6.11)" +Return the process name for the calling process, +in the buffer pointed to by +.IR "(char\ *) arg2" . +The buffer should allow space for up to 16 bytes; +the returned string will be null terminated if it is shorter than that. +.TP +.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" +Set the parent process death signal +of the calling process to \fIarg2\fP (either a signal value +in the range 1..maxsig, or 0 to clear). +This is the signal that the calling process will get when its +parent dies. +This value is cleared for the child of a +.BR fork (2). +.TP +.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)" +Return the current value of the parent process death signal, +in the location pointed to by +.IR "(int\ *) arg2" . 
+.TP .BR PR_SET_SECCOMP " (since Linux 2.6.23)" .\" See http://thread.gmane.org/gmane.linux.kernel/542632 .\" [PATCH 0 of 2] seccomp updates 
@@ -319,6 +249,75 @@ call will cause a signal to be sent to the process. This operation is only available if the kernel is configured with CONFIG_SECCOMP enabled. +.TP +.BR PR_SET_SECUREBITS " (since Linux 2.6.26)" +Set the "securebits" flags of the calling thread to the value supplied in +.IR arg2 . +See +.BR capabilities (7). +.TP +.BR PR_GET_SECUREBITS " (since Linux 2.6.26)" +Return (as the function result) +the "securebits" flags of the calling thread. +See +.BR capabilities (7). +.TP +.BR PR_SET_TIMING " (since Linux 2.6.0-test4)" +Set whether to use (normal, traditional) statistical process timing or +accurate timestamp based process timing, by passing +.B PR_TIMING_STATISTICAL +.\" 0 +or +.B PR_TIMING_TIMESTAMP +.\" 1 +to \fIarg2\fP. +.B PR_TIMING_TIMESTAMP +is not currently implemented +(attempting to set this mode will yield the error +.BR EINVAL ). +.\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8, +.\" and looking at the patch history, it appears +.\" that it never did anything. +.TP +.BR PR_GET_TIMING " (since Linux 2.6.0-test4)" +Return (as the function result) which process timing method is currently +in use. +.TP +.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)" +Set the state of the flag determining whether the timestamp counter +can be read by the process. +Pass +.B PR_TSC_ENABLE +to +.I arg2 +to allow it to be read, or +.B PR_TSC_SIGSEGV +to generate a +.B SIGSEGV +when the process tries to read the timestamp counter. +.TP +.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)" +Return the state of the flag determining whether the timestamp counter +can be read, +in the location pointed to by +.IR "(int\ *) arg2" . +.TP +.B PR_SET_UNALIGN +(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15; +PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22) +Set unaligned access control bits to \fIarg2\fP. 
+Pass +\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses, +or \fBPR_UNALIGN_SIGBUS\fP to generate +.B SIGBUS +on unaligned user access. +.TP +.B PR_GET_UNALIGN +(see +.B PR_SET_UNALIGN +for information on versions and architectures) +Return unaligned access control bits, in the location pointed to by +.IR "(int\ *) arg2" . .SH "RETURN VALUE" On success, .BR PR_GET_DUMPABLE ,
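Review bot: the context line at the end of the @@ -56,66 +55,6 @@ hunk, `.BR PR_CAPBSET_READ " (since Linux 2.6.25)`, has no closing double quote, unlike every other `.BR ... " (since Linux ...)"` entry in this patch. It is not touched by the reorder, but with PR_CAPBSET_READ now the first entry in the list it is worth fixing in the same commit by adding the closing `"`.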
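Review bot: in the PR_SET_DUMPABLE entry re-added by the @@ -154,72 +93,35 @@ hunk, the permitted values of arg2 are given only for kernels up to 2.6.12 and for 2.6.13 through 2.6.17; nothing says what is accepted once the value 2 was removed. Since the entry is being moved anyway, suggest adding a sentence that states the valid values on later kernels and the error returned for anything else. The CVE-2006-2451 reference behind "for security reasons, this feature has been removed" sits only in a roff comment, so a rendered page gives the reader no way to find the reason; consider surfacing it in the visible text. In the PR_GET_DUMPABLE comment, "the dumpable flags has a non-zero value" should read "flag has".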
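Review bot: the PR_SET_KEEPCAPS and PR_GET_KEEPCAPS entries added by the @@ -283,6 +168,51 @@ hunk carry "threads's" over unchanged in every place where "thread's" is meant, and "(By default, these credential sets are cleared)" refers to what the preceding sentence calls capability sets; both are easy to fix while the text is being moved. In the same hunk, PR_GET_NAME says the returned string "will be null terminated if it is shorter than that", which leaves a full 16-byte name unterminated; a sentence telling callers not to treat the buffer as a C string without adding their own terminator would prevent over-reads. PR_SET_PDEATHSIG also uses "maxsig" in "in the range 1..maxsig" without defining it.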
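Review bot: the PR_SET_UNALIGN and PR_GET_UNALIGN entries added at the end of the @@ -319,6 +249,75 @@ hunk use a bare `.B` tag with the version and architecture information on the following line, while every other entry in this patch uses `.BR NAME " (since Linux ...)"`. Now that the list is sorted and these two entries close it, the inconsistency stands out; suggest either moving the parenthetical into the tag line or noting why these two differ. In the same hunk, the statement that PR_TIMING_TIMESTAMP "is not currently implemented" is visible, but the finding that it never did anything is only in a roff comment; consider whether that belongs in the rendered text.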