Application of the prctl() function

Source: Internet
Author: User

int prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5);

This system call operates on the calling process. The operation performed is selected by option:

PR_GET_PDEATHSIG: returns the parent-death signal of the process;

PR_SET_PDEATHSIG: arg2 is the parent-death signal (pdeath, as the name says). The process receives this signal when its parent process dies.

PR_GET_DUMPABLE: returns the dumpable flag of the process;

PR_SET_DUMPABLE: arg2 is the value to set for the dumpable flag of the process.

PR_GET_NAME: returns the name of the calling process in the buffer that arg2 points to. (Since Linux 2.6.9)

PR_SET_NAME: sets the name of the calling process to the string that arg2 points to. (Since Linux 2.6.11)

 

PR_GET_TIMING, PR_SET_TIMING: query and change the process timing mode. Use PR_TIMING_STATISTICAL to enable the traditional process timing mode, or PR_TIMING_TIMESTAMP to enable the timestamp-based process timing mode.

 

CAP_CHOWN capability:

On a system where the _POSIX_CHOWN_RESTRICTED option is defined, this overrides the restriction on changing the owner and group of a file.

 

CAP_DAC_OVERRIDE:

Overrides all DAC access, including ACL access if _POSIX_ACL is defined, excluding DAC access covered by CAP_LINUX_IMMUTABLE.

 

CAP_DAC_READ_SEARCH:

Overrides all DAC restrictions on reading and searching files and directories, including ACL restrictions if _POSIX_ACL is defined, excluding DAC access covered by CAP_LINUX_IMMUTABLE.

 

CAP_FOWNER capability:

Overrides restrictions on permitted file operations where the owner ID of the file must be the same as the user ID, except where CAP_FSETID applies. It does not override MAC and DAC restrictions.

 

CAP_FSETID capability:

Overrides the restrictions that the user ID must match the owner ID when setting the S_ISUID and S_ISGID bits of a file, and that the group ID must match the owner ID. Also overrides the restriction that chown clears the S_ISUID and S_ISGID bits.

 

CAP_FS_MASK capability:

Used to decide between falling back on suser() or fsuser().

 

CAP_KILL:

Overrides the restriction that the effective user ID of the process sending a signal must match the effective user ID of the receiving process.

 

CAP_SETGID:

Allow setgid() and setgroups()

Allow forging the GID on a socket

 

CAP_SETUID capability:

Allow the set*uid() functions

Allow forging the PID on a socket

 

CAP_SETPCAP:

Transfer any capability to any PID, or remove any capability from any PID.

 

CAP_LINUX_IMMUTABLE:

Allow changing the S_IMMUTABLE and S_APPEND file attributes.

 

CAP_NET_BIND_SERVICE:

Allow binding to TCP/UDP sockets below 1024

 

CAP_NET_BROADCAST:

Allow broadcasting and listening to multicast

 

CAP_NET_ADMIN:

Allow interface configuration

Allow administration of IP firewall, IP masquerading and accounting

Allow setting debug options on sockets

Allow modification of routing tables

Allow setting process or process-group ownership on sockets

Allow binding to any address for transparent proxying

Allow setting TOS (type of service)

Allow setting promiscuous mode

Allow clearing driver statistics

Allow multicasting

Allow reading or writing device-specific registers

 

CAP_NET_RAW:

Allow use of raw sockets

Allow use of packet sockets

 

CAP_IPC_LOCK capability:

Allow locking of shared memory segments

Allow mlock and mlockall

 

CAP_IPC_OWNER capability:

Override IPC ownership checks

 

CAP_SYS_MODULE capability:

Insert or remove kernel modules

 

CAP_SYS_RAWIO:

Allow access to ioperm/iopl and /dev/port

Allow /dev/mem and /dev/kmem access

Allow raw block device access (/dev/[sh]d??)

 

CAP_SYS_CHROOT:

Allow chroot()

 

CAP_SYS_PTRACE:

Allow ptrace() of any process

 

CAP_SYS_PACCT:

Allow configuration of process accounting

 

CAP_SYS_ADMIN:

Allow configuration of the secure attention key

Allow administration of the random device

Allow device administration

Allow examination and configuration of disk quotas

Allow configuring the kernel log

Allow setting the domain name

Allow setting the host name

Allow calling bdflush()

Allow mount() and umount()

Allow setting up SMB connections

Allow root ioctls

Allow nfsservctl

Allow VM86_REQUEST_IRQ

Allow reading and writing PCI configuration on Alpha

Allow irix_prctl on MIPS

Allow flushing all caches on m68k

Allow removing semaphores

Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores and shared memory

Allow locking or unlocking shared memory segments

Allow turning swap on or off

Allow forging PIDs on sockets

Allow flushing buffers on block devices

Allow configuring the floppy driver

Allow turning DMA on or off

Allow administration of md devices

Allow tuning the IDE driver

Allow access to the NVRAM device

Allow administration of apm_bios, serial port and bttv devices

Allow manufacturer commands in the ISDN CAPI driver

Allow reading non-standardized portions of the PCI configuration

Allow DDI debug ioctl

Allow sending qic-117 commands

Allow enabling or disabling SCSI control and sending SCSI commands

Allow setting the encryption key on the loopback file system

 

CAP_SYS_BOOT:

Allow use of reboot()

 

CAP_SYS_NICE capability:

Allow raising or setting the priority of other processes

Allow use of FIFO and real-time scheduling on your own processes

 

CAP_SYS_RESOURCE capability:

Override resource limits; set resource limits

Override quota limits

Override reserved space on the ext2 file system

Allow real-time clock interrupts at more than 64 Hz

Override the maximum number of consoles

Override the maximum number of keymaps

 

CAP_SYS_TIME capability:

Allow manipulation of the system clock

Allow _stime

Allow setting the real-time clock

 

CAP_SYS_TTY_CONFIG:

Allow configuration of terminal (tty) devices

Allow vhangup() of a terminal

 

Return Value

 

On success, PR_GET_DUMPABLE and PR_GET_KEEPCAPS return 0 or 1. All other option values return 0 on success.

On error, -1 is returned and errno is set to the corresponding error number.

EINVAL: the value of option is not valid, or option is PR_SET_PDEATHSIG and arg2 is not 0 or a signal number.

EBADF: invalid descriptor.
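The return-value rules above, exercised in an added example that is not part of the original page: it clears the dumpable flag, requests a parent-death signal, reads both settings back, and provokes the EINVAL case. The function names and the choice of SIGTERM are assumptions of this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Added example; function names are illustrative, not part of any API. */

/* Clear the dumpable flag and read it back.
 * Returns the PR_GET_DUMPABLE result (0 or 1), or -1 on error. */
int disable_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0UL, 0UL, 0UL, 0UL) == -1)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0UL, 0UL, 0UL, 0UL);
}

/* Request `sig` as the parent-death signal, then read the setting back.
 * Returns the stored signal number, or -1 on error. */
int set_parent_death_signal(int sig)
{
    int stored = -1;
    if (prctl(PR_SET_PDEATHSIG, (unsigned long)sig, 0UL, 0UL, 0UL) == -1)
        return -1;
    /* PR_GET_PDEATHSIG stores the value through the int pointer in arg2. */
    if (prctl(PR_GET_PDEATHSIG, (unsigned long)&stored, 0UL, 0UL, 0UL) == -1)
        return -1;
    return stored;
}

/* arg2 that is neither 0 nor a signal number: expect -1 with errno EINVAL.
 * Returns the errno observed, or 0 if the call unexpectedly succeeded. */
int bad_signal_errno(void)
{
    errno = 0;
    if (prctl(PR_SET_PDEATHSIG, 100000UL, 0UL, 0UL, 0UL) == -1)
        return errno;
    return 0;
}

int main(void)
{
    printf("dumpable after clear: %d\n", disable_dumpable());
    printf("pdeathsig stored:     %d\n", set_parent_death_signal(SIGTERM));
    printf("bad signal errno:     %d (EINVAL=%d)\n", bad_signal_errno(), EINVAL);
    return 0;
}
```

A process whose dumpable flag is 0 produces no core dump and cannot be attached with ptrace by an unprivileged process, which is why services that hold secrets in memory clear it early.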

 

Example: in a multi-threaded application, being able to name each thread makes debugging much easier.

#include <stdio.h>
#include <pthread.h>
#include <unistd.h>      /* sleep() */
#include <sys/prctl.h>

void *tmain(void *arg)
{
    char name[32];

    (void)arg;
    /* Set this thread's name, then read it back to confirm. */
    prctl(PR_SET_NAME, (unsigned long)"xx");
    prctl(PR_GET_NAME, (unsigned long)name);
    printf("%s\n", name);
    /* Stay alive so the thread can be inspected under /proc. */
    while (1)
        sleep(1);
    return NULL;
}

int main(void)
{
    pthread_t tid;

    pthread_create(&tid, NULL, tmain, NULL);
    pthread_join(tid, NULL);

    return 0;
}

Compile and run:

xiaosuo@gentux test $ gcc t_threadname.c -lpthread

xiaosuo@gentux test $ ./a.out

xx

On another terminal, find the PID of a.out with ps:

xiaosuo@gentux test $ ps aux | grep a.out

xiaosuo 29882 0.0 0.0 14144 pts/6 Sl+ ./a.out

Check whether the name took effect:

xiaosuo@gentux test $ cd /proc/29882/task/

xiaosuo@gentux task $ ls

29882 29883

xiaosuo@gentux task $ cd 29883/

xiaosuo@gentux 29883 $ cat cmdline

./a.outxiaosuo@gentux 29883 $

 

A little depressing: cmdline still shows ./a.out. The xx printed at run time and the prctl return value seen through strace confirm that prctl did run successfully. I suspected that this name could only be obtained through prctl. A bit disappointed but unwilling to give up, I read the ps man page, experimented, and finally found "xx":

xiaosuo@gentux 29883 $ ps -L -p 29882

PID LWP TTY TIME CMD

29882 29882 pts/6 00:00:00 a.out

29882 29883 pts/6 00:00:00 xx

 

With strace I found that this "xx" is actually hidden in stat and status:

xiaosuo@gentux 29883 $ cat stat
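The observation above, reproduced in an added example that is not part of the original page: the calling thread renames itself with PR_SET_NAME, then reads the Name: field of its own /proc/self/task/<tid>/status and the first string of /proc/self/cmdline. The function names and the sample thread names are assumptions of this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* Added example; function names are illustrative.
 * Copy the "Name:" value of a /proc status file into out (64 bytes). */
static int read_status_name(const char *path, char out[64])
{
    char line[256];
    int rc = -1;
    FILE *f = fopen(path, "r");
    while (f && rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "Name: %63[^\n]", out) == 1)
            rc = 0;
    if (f) fclose(f);
    return rc;
}

/* Rename the calling thread, then fetch what /proc reports about it:
 * shown <- Name: in /proc/self/task/<tid>/status (set by PR_SET_NAME)
 * arg0  <- first string of /proc/self/cmdline (argv[0], not changed by prctl)
 * Returns 0 on success, -1 on error. */
int rename_and_inspect(const char *name, char shown[64], char arg0[256])
{
    char path[64];
    FILE *f;
    if (prctl(PR_SET_NAME, (unsigned long)name, 0UL, 0UL, 0UL) == -1)
        return -1;
    snprintf(path, sizeof path, "/proc/self/task/%ld/status", (long)syscall(SYS_gettid));
    if (read_status_name(path, shown) != 0)
        return -1;
    if (!(f = fopen("/proc/self/cmdline", "r")))
        return -1;
    /* cmdline is NUL-separated, so the C string ends after argv[0]. */
    if (!fgets(arg0, 256, f))
        arg0[0] = '\0';
    fclose(f);
    return 0;
}

int main(void)
{
    char shown[64], arg0[256];
    if (rename_and_inspect("xx-worker-thread-long", shown, arg0) == 0)
        printf("status Name: %s\nargv[0]:     %s\n", shown, arg0);
    return 0;
}
```

PR_SET_NAME keeps at most 15 characters plus the terminating NUL, so the long name is stored as "xx-worker-threa". Because a thread assigns this name to itself, monitoring should read it as a label and take the program identity from cmdline or the executable path.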
