diff options
| author | obrien <obrien@FreeBSD.org> | 2011-10-07 05:47:30 +0000 |
|---|---|---|
| committer | obrien <obrien@FreeBSD.org> | 2011-10-07 05:47:30 +0000 |
| commit | 4b04845b065c4c770d9a16578621fff709833557 (patch) | |
| tree | ca76c3bfb443f00f6c5e19395d6b993a33901b56 | |
| parent | 10aa664dd0a391ca75ec8328b24db17639594bf8 (diff) | |
| download | FreeBSD-src-4b04845b065c4c770d9a16578621fff709833557.zip FreeBSD-src-4b04845b065c4c770d9a16578621fff709833557.tar.gz | |
Disallow various debug.kdb sysctl's when securelevel is raised.
PR: 161350
| -rw-r--r-- | share/man/man7/security.7 | 6 | ||||
| -rw-r--r-- | sys/kern/subr_kdb.c | 23 |
2 files changed, 20 insertions, 9 deletions
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index ed24435a..197fe3e 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -544,6 +544,12 @@ may not be opened for writing; kernel modules (see .Xr kld 4 ) may not be loaded or unloaded. +The kernel debugger may not be entered using the +.Va debug.kdb.enter +sysctl. +A panic or trap cannot be forced using the +.Va debug.kdb.panic +and other sysctl's. .It Ic 2 Highly secure mode \- same as secure mode, plus disks may not be opened for writing (except by diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c index 76b37a9..1d23f21 100644 --- a/sys/kern/subr_kdb.c +++ b/sys/kern/subr_kdb.c @@ -90,25 +90,30 @@ SYSCTL_PROC(_debug_kdb, OID_AUTO, available, CTLTYPE_STRING | CTLFLAG_RD, NULL, SYSCTL_PROC(_debug_kdb, OID_AUTO, current, CTLTYPE_STRING | CTLFLAG_RW, NULL, 0, kdb_sysctl_current, "A", "currently selected KDB backend"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, enter, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, enter, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_enter, "I", "set to enter the debugger"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, panic, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, panic, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_panic, "I", "set to panic the kernel"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, trap, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, trap, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_trap, "I", "set to cause a page fault via data access"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_trap_code, "I", "set to cause a page fault via code access"); -SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger, CTLTYPE_INT | CTLFLAG_RW | - CTLFLAG_TUN, &kdb_break_to_debugger, 0, "Enable break to debugger"); +SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE, + &kdb_break_to_debugger, 0, "Enable break to debugger"); TUNABLE_INT("debug.kdb.break_to_debugger", &kdb_break_to_debugger); -SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger, CTLTYPE_INT | - CTLFLAG_RW | CTLFLAG_TUN, &kdb_alt_break_to_debugger, 0, - "Enable alternative break to debugger"); +SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE, + &kdb_alt_break_to_debugger, 0, "Enable alternative break to debugger"); TUNABLE_INT("debug.kdb.alt_break_to_debugger", &kdb_alt_break_to_debugger); /* |
