[src/trunk]: src/share/man/man7 Document security.pax.mprotect.ptrace

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/share/man/man7 Document security.pax.mprotect.ptrace
From: christos <christos%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 06:18:01 +0000

details:   https://anonhg.NetBSD.org/src/rev/772dff244b0d
branches:  trunk
changeset: 815557:772dff244b0d
user:      christos <christos%NetBSD.org@localhost>
date:      Wed May 25 19:52:32 2016 +0000

description:
Document security.pax.mprotect.ptrace

diffstat:

 share/man/man7/sysctl.7 |  18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diffs (46 lines):

diff -r bf24fa5aa605 -r 772dff244b0d share/man/man7/sysctl.7
--- a/share/man/man7/sysctl.7   Wed May 25 18:35:13 2016 +0000
+++ b/share/man/man7/sysctl.7   Wed May 25 19:52:32 2016 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.7,v 1.99 2016/03/30 05:55:04 ozaki-r Exp $
+.\"    $NetBSD: sysctl.7,v 1.100 2016/05/25 19:52:32 christos Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"    @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"
-.Dd March 30, 2016
+.Dd May 25, 2016
 .Dt SYSCTL 7
 .Os
 .Sh NAME
@@ -2414,6 +2414,7 @@
 .\".It Li security.pax.aslr.stack_len  integer yes
 .It Li security.pax.mprotect.enabled   integer yes
 .It Li security.pax.mprotect.global    integer yes
+.It Li security.pax.mprotect.ptrace    integer yes
 .It Li security.pax.segvguard.enabled  integer yes
 .It Li security.pax.segvguard.expiry_timeout   integer yes
 .It Li security.pax.segvguard.global   integer yes
@@ -2461,6 +2462,19 @@
 Otherwise, all programs will not get the PaX MPROTECT restrictions,
 except those specifically marked as such with
 .Xr paxctl 8 .
+.It Li security.pax.mprotect.ptrace
+This variable allows
+.Xr ptrace 2
+to override PaX MPROTECT permissions.
+It can have the following values:
+.Bl -tag -width XX -compact
+.It 0
+Does not let override any permissions.
+.It 1
+Disables PaX MPROTECT from processes that start executing while traced (default).
+.It 2
+Bypasses PaX MPROTECT for all processes being traced.
+.El
 .It Li security.pax.segvguard.enabled
 Enable PaX Segvguard.
 .Pp

Prev by Date: [src/trunk]: src/sys/external/bsd/acpica/dist Apply patch https://github.com/...
Next by Date: [src/trunk]: src/sys Give 0, 1, 2 for security.pax.mprotect.ptrace and make it ...
Previous by Thread: [src/trunk]: src/sys/external/bsd/acpica/dist Apply patch https://github.com/...
Next by Thread: [src/trunk]: src/sys Give 0, 1, 2 for security.pax.mprotect.ptrace and make it ...
Indexes:

Home | Main Index | Thread Index | Old Index