Re: git: 4819e5aeda4e - main - Add new privilege PRIV_KDB_SET_BACKEND

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Sun, 16 Apr 2023 20:47:48 UTC

On Sun, Apr 16, 2023 at 06:38:19PM +0000, Stephen J. Kiernan wrote:
> The branch main has been updated by stevek:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=4819e5aeda4ef1a193a08e29b4099c3c30369a81
> 
> commit 4819e5aeda4ef1a193a08e29b4099c3c30369a81
> Author:     Stephen J. Kiernan <stevek@FreeBSD.org>
> AuthorDate: 2023-04-16 03:59:52 +0000
> Commit:     Stephen J. Kiernan <stevek@FreeBSD.org>
> CommitDate: 2023-04-16 18:37:58 +0000
> 
>     Add new privilege PRIV_KDB_SET_BACKEND
>     
>     Summary:
>     Check for PRIV_KDB_SET_BACKEND before allowing a thread to change
>     the KDB backend.
>     
>     Obtained from:  Juniper Networks, Inc.
>     Reviewers: sjg, emaste
>     Subscribers: imp
>     
>     Differential Revision: https://reviews.freebsd.org/D39538
> ---
>  sys/kern/subr_kdb.c | 6 ++++++
>  sys/sys/priv.h      | 7 ++++++-
>  2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
> index ff981cdfe47c..8aae19b728c8 100644
> --- a/sys/kern/subr_kdb.c
> +++ b/sys/kern/subr_kdb.c
> @@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
>  #include <sys/malloc.h>
>  #include <sys/lock.h>
>  #include <sys/pcpu.h>
> +#include <sys/priv.h>
>  #include <sys/proc.h>
>  #include <sys/sbuf.h>
>  #include <sys/smp.h>
> @@ -484,6 +485,11 @@ int
>  kdb_dbbe_select(const char *name)
>  {
>  	struct kdb_dbbe *be, **iter;
> +	int error;
> +
> +	error = priv_check(curthread, PRIV_KDB_SET_BACKEND);
priv_check() fails for a jailed, or even simply a non-root, process.
kdb_dbbe_select() is called from a random context, e.g. from
kdb_alt_break_gdb(), where it inherits whatever thread was running
at the moment of break to debugger.

In other words, this function no longer works reliably.

> +	if (error)
> +		return (error);
>  
>  	SET_FOREACH(iter, kdb_dbbe_set) {
>  		be = *iter;
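
Review bot: the priv_check(curthread, PRIV_KDB_SET_BACKEND) call at the top of kdb_dbbe_select() ties backend selection to the credentials of whatever thread happens to be current, while the function itself takes only a backend name and has no notion of who asked for the change. Any caller that is not acting on behalf of a requesting thread, such as the kdb_alt_break_gdb() path named in the reply above, can get the error return instead of a backend switch. Consider doing the check at the entry point that handles the user's request and leaving kdb_dbbe_select() unconditional. If the check stays here, the early return deserves a comment saying which callers are expected to pass it, and "if (error)" would read more clearly as "if (error != 0)".
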
> diff --git a/sys/sys/priv.h b/sys/sys/priv.h
> index 20bfc7312ce3..cb4dcecea4aa 100644
> --- a/sys/sys/priv.h
> +++ b/sys/sys/priv.h
> @@ -515,10 +515,15 @@
>  #define	PRIV_KMEM_READ		680	/* Open mem/kmem for reading. */
>  #define	PRIV_KMEM_WRITE		681	/* Open mem/kmem for writing. */
>  
> +/*
> + * Kernel debugger privileges.
> + */
> +#define	PRIV_KDB_SET_BACKEND	690	/* Allow setting KDB backend. */
> +
>  /*
>   * Track end of privilege list.
>   */
> -#define	_PRIV_HIGHEST		682
> +#define	_PRIV_HIGHEST		691
>  
>  /*
>   * Validate that a named privilege is known by the privilege system.  Invalid
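
Review bot: PRIV_KDB_SET_BACKEND is given 690 while the previous entry, PRIV_KMEM_WRITE, is 681, and _PRIV_HIGHEST moves from 682 to 691, so 682 through 689 are now unassigned numbers sitting below the end-of-list marker. If the jump is deliberate, to start a new block for kernel debugger privileges, say so in the new block comment; otherwise 682 would keep the list dense. The one-line comment "Allow setting KDB backend." would also be more useful if it said which operation is gated, since the only check added in this patch is the one in kdb_dbbe_select().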