diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -129,18 +129,18 @@
int debugger_on_panic = 1;
#endif
SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic,
- CTLFLAG_RWTUN | CTLFLAG_SECURE,
- &debugger_on_panic, 0, "Run debugger on kernel panic");
+ CTLFLAG_RWTUN, &debugger_on_panic, 0,
+ "Run debugger on kernel panic");
static bool debugger_on_recursive_panic = false;
SYSCTL_BOOL(_debug, OID_AUTO, debugger_on_recursive_panic,
- CTLFLAG_RWTUN | CTLFLAG_SECURE,
- &debugger_on_recursive_panic, 0, "Run debugger on recursive kernel panic");
+ CTLFLAG_RWTUN, &debugger_on_recursive_panic, 0,
+ "Run debugger on recursive kernel panic");
int debugger_on_trap = 0;
SYSCTL_INT(_debug, OID_AUTO, debugger_on_trap,
- CTLFLAG_RWTUN | CTLFLAG_SECURE,
- &debugger_on_trap, 0, "Run debugger on kernel trap before panic");
+ CTLFLAG_RWTUN, &debugger_on_trap, 0,
+ "Run debugger on kernel trap before panic");
#ifdef KDB_TRACE
static int trace_on_panic = 1;
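Review bot: The three description strings at L39, L45 and L51 no longer tell an operator that the knob can be set at any securelevel but that the debugger will still be refused at entry time, which is the whole point of dropping CTLFLAG_SECURE here. A reader of `sysctl -d debug.debugger_on_panic` will assume setting it to 1 at securelevel 1 takes effect. I would extend the strings, e.g. `"Run debugger on kernel panic (entry is subject to debug.kdb.enter_securelevel)"`, and likewise for the other two. The `#ifdef`/`#else` that chooses the default for debugger_on_panic starts above this hunk.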
diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -77,6 +77,7 @@
static int kdb_break_to_debugger = KDB_BREAK_TO_DEBUGGER;
static int kdb_alt_break_to_debugger = KDB_ALT_BREAK_TO_DEBUGGER;
+static int kdb_enter_securelevel = 0;
KDB_BACKEND(null, NULL, NULL, NULL, NULL);
@@ -103,7 +104,7 @@
"currently selected KDB backend");
SYSCTL_PROC(_debug_kdb, OID_AUTO, enter,
- CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE | CTLFLAG_MPSAFE, NULL, 0,
+ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0,
kdb_sysctl_enter, "I",
"set to enter the debugger");
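Review bot: Dropping CTLFLAG_SECURE from debug.kdb.enter is only safe if every path that kdb_sysctl_enter reaches ends up in kdb_backend_permitted(), and this diff adds that call only inside kdb_trap()'s loop. kdb_sysctl_enter and kdb_enter() are outside the hunks; presumably kdb_enter() traps via breakpoint() into kdb_trap() on all architectures, in which case the check covers it, but that should be stated in the commit message or, better, checked directly in kdb_enter() so the guarantee does not depend on per-arch trap plumbing. If it is not covered, a root user at securelevel > 0 can enter the debugger through this sysctl, which CTLFLAG_SECURE previously prevented.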
@@ -133,13 +134,18 @@
"set to cause a stack overflow");
SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger,
- CTLFLAG_RWTUN | CTLFLAG_SECURE,
+ CTLFLAG_RWTUN,
&kdb_break_to_debugger, 0, "Enable break to debugger");
SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger,
- CTLFLAG_RWTUN | CTLFLAG_SECURE,
+ CTLFLAG_RWTUN,
&kdb_alt_break_to_debugger, 0, "Enable alternative break to debugger");
+SYSCTL_INT(_debug_kdb, OID_AUTO, enter_securelevel,
+ CTLFLAG_RWTUN | CTLFLAG_SECURE,
+ &kdb_enter_securelevel, 0,
+ "maximum securelevel to enter a KDB backend");
+
/*
* Flag to indicate to debuggers why the debugger was entered.
*/
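Review bot: The description at L82, "maximum securelevel to enter a KDB backend", is ambiguous about the comparison; kdb_backend_permitted() refuses when the running securelevel is strictly greater than this value, so I would phrase it as `"highest securelevel at which a KDB backend may still be entered (default 0)"`. A negative value (reachable via the tunable) refuses entry at every securelevel, including -1 and 0, which may be a useful "never" setting but is not obvious from the name; either document it or reject it in a handler. Keeping CTLFLAG_SECURE on this one knob is right, since otherwise it could be raised after securelevel has been raised.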
@@ -489,6 +495,34 @@
return (EINVAL);
}
+static bool
+kdb_backend_permitted(struct kdb_dbbe *be, struct ucred *cred)
+{
+ int error;
+
+ error = securelevel_gt(cred, kdb_enter_securelevel);
+#ifdef MAC
+ /*
+ * Give MAC a chance to weigh in on the policy: if the securelevel is
+ * not raised, then MAC may veto the backend, otherwise MAC may
+ * explicitly grant access.
+ */
+ if (error == 0) {
+ error = mac_kdb_check_backend(be);
+ if (error != 0) {
+ printf("MAC prevented execution of KDB backend: %s\n",
+ be->dbbe_name);
+ return (false);
+ }
+ } else if (mac_kdb_grant_backend(be) == 0) {
+ error = 0;
+ }
+#endif
+ if (error != 0)
+ printf("refusing to enter KDB with elevated securelevel\n");
+ return (error == 0);
+}
+
/*
* Enter the currently selected debugger. If a message has been provided,
* it is printed first. If the debugger does not support the enter method,
@@ -734,9 +768,7 @@
for (;;) {
#ifdef MAC
- if (mac_kdb_check_backend(be) != 0) {
- printf("MAC prevented execution of KDB backend: %s\n",
- be->dbbe_name);
+ if (!kdb_backend_permitted(be, curthread->td_ucred)) {
/* Unhandled breakpoint traps are fatal. */
handled = 1;
break;
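Review bot: The new call at L127 sits inside the pre-existing `#ifdef MAC` at L123 (its `#endif` is below the hunk), so on a kernel built without `options MAC` the securelevel check never runs in kdb_trap(), while CTLFLAG_SECURE has been removed from debug.kdb.break_to_debugger and friends in the earlier hunks; that combination lets root at securelevel > 0 enter the debugger on non-MAC kernels, which was previously refused. The securelevel part of kdb_backend_permitted() is already unconditional, so the `#ifdef MAC` and matching `#endif` around this call should be dropped. As a side effect, a static kdb_backend_permitted() that is never called on non-MAC builds would presumably trigger an unused-function warning under the kernel's -Werror. kdb_trap()'s body continues outside the hunk.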
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -214,6 +214,7 @@
void mac_ipq_update(struct mbuf *m, struct ipq *q);
int mac_kdb_check_backend(struct kdb_dbbe *be);
+int mac_kdb_grant_backend(struct kdb_dbbe *be);
int mac_kenv_check_dump(struct ucred *cred);
int mac_kenv_check_get(struct ucred *cred, char *name);
diff --git a/sys/security/mac/mac_kdb.c b/sys/security/mac/mac_kdb.c
--- a/sys/security/mac/mac_kdb.c
+++ b/sys/security/mac/mac_kdb.c
@@ -39,6 +39,15 @@
#include <security/mac/mac_internal.h>
#include <security/mac/mac_policy.h>
+int
+mac_kdb_grant_backend(struct kdb_dbbe *be)
+{
+ int error = 0;
+
+ MAC_POLICY_GRANT_NOSLEEP(kdb_check_backend, be);
+ return (error);
+}
+
int
mac_kdb_check_backend(struct kdb_dbbe *be)
{
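Review bot: mac_kdb_grant_backend() at L146-L153 reuses the kdb_check_backend policy entry point to grant entry, which conflates "no objection" with "explicit permission": if MAC_POLICY_GRANT_NOSLEEP treats any 0 return as a grant, a policy that implements kdb_check_backend as a pure veto (returning 0 whenever it has nothing to say) would, through this path, authorize debugger entry at a securelevel above kdb_enter_securelevel. Either introduce a dedicated grant hook, or document in mac_policy.h that a 0 from kdb_check_backend is now taken as affirmative permission when the securelevel would otherwise refuse, so existing and future policies are written with that in mind. Also, if the macro initializes `error` to EPERM before iterating (as the priv_grant path does), the `int error = 0;` at L149 is dead and reads as if the default were allow; `int error;` would be clearer. A short header comment stating the allow-by-any-policy semantics would help here too.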
D37122: kdb: Modify securelevel policy