setproctitle man page
setproctitle — set process title
setproctitle_init(int argc, char *argv, char *envp);
setproctitle(const char *fmt, ...);
The setproctitle() library routine sets the process title that appears on the ps(1) command.
The setproctitle_init() library routine only needs to be called (before any call to setproctitle() and with main() arguments), if the automatic constructor support has not been linked in through the libbsd-ctor pkg-config file.
The title is set from the executable's name, followed by the result of a printf(3) style expansion of the arguments as specified by the fmt argument. If the fmt argument begins with a “-” character, the executable's name is skipped.
If fmt is NULL, the process title is restored.
To set the title on a daemon to indicate its activity:
setproctitle("talking to %s", inet_ntoa(addr));
ps(1), w(1), kvm(3), kvm_getargv(3), printf(3)
The setproctitle() function is implicitly non-standard. Other methods of causing the ps(1) command line to change, including copying over the argv string are also implicitly non-portable. It is preferable to use an operating system supplied setproctitle() if present.
Unfortunately, it is possible that there are other calling conventions to other versions of setproctitle(), although none have been found by the author as yet. This is believed to be the predominant convention.
It is thought that the implementation is compatible with other systems, including NetBSD and BSD/OS.
The setproctitle() function first appeared in FreeBSD 2.2. Other operating systems have similar functions.
The setproctitle_init() function is a libbsd extension not present on the BSDs, avoid using it in portable code.
Sendmail 8.7.3 source code by ⟨firstname.lastname@example.org⟩.⟨peter@FreeBSD.org⟩ stole the idea from the
Never pass a string with user-supplied data as a format without using ‘
%s’. An attacker can put format specifiers in the string to mangle your stack, leading to a possible security hole. This holds true even if the string was built using a function like snprintf(), as the resulting string may still contain user-supplied conversion specifiers for later interpolation by setproctitle().
Always use the proper secure idiom: