Re: git: 4819e5aeda4e - main - Add new privilege PRIV_KDB_SET_BACKEND
Date: Sun, 16 Apr 2023 20:47:48 UTC
On Sun, Apr 16, 2023 at 06:38:19PM +0000, Stephen J. Kiernan wrote: > The branch main has been updated by stevek: > > URL: https://cgit.FreeBSD.org/src/commit/?id=4819e5aeda4ef1a193a08e29b4099c3c30369a81 > > commit 4819e5aeda4ef1a193a08e29b4099c3c30369a81 > Author: Stephen J. Kiernan <stevek@FreeBSD.org> > AuthorDate: 2023-04-16 03:59:52 +0000 > Commit: Stephen J. Kiernan <stevek@FreeBSD.org> > CommitDate: 2023-04-16 18:37:58 +0000 > > Add new privilege PRIV_KDB_SET_BACKEND > > Summary: > Check for PRIV_KDB_SET_BACKEND before allowing a thread to change > the KDB backend. > > Obtained from: Juniper Networks, Inc. > Reviewers: sjg, emaste > Subscribers: imp > > Differential Revision: https://reviews.freebsd.org/D39538 > --- > sys/kern/subr_kdb.c | 6 ++++++ > sys/sys/priv.h | 7 ++++++- > 2 files changed, 12 insertions(+), 1 deletion(-) > > diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c > index ff981cdfe47c..8aae19b728c8 100644 > --- a/sys/kern/subr_kdb.c > +++ b/sys/kern/subr_kdb.c > @@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$"); > #include <sys/malloc.h> > #include <sys/lock.h> > #include <sys/pcpu.h> > +#include <sys/priv.h> > #include <sys/proc.h> > #include <sys/sbuf.h> > #include <sys/smp.h> > @@ -484,6 +485,11 @@ int > kdb_dbbe_select(const char *name) > { > struct kdb_dbbe *be, **iter; > + int error; > + > + error = priv_check(curthread, PRIV_KDB_SET_BACKEND); priv_check() fails for jailed, or even simply non-root process. kdb_dbbe_select() is called from a random context, e.g. from kdb_alt_break_gdb(), where it inherits whatever thread was running at the moment of break to debugger. In other words, this function no longer works reliably. > + if (error) > + return (error); > > SET_FOREACH(iter, kdb_dbbe_set) { > be = *iter; > diff --git a/sys/sys/priv.h b/sys/sys/priv.h > index 20bfc7312ce3..cb4dcecea4aa 100644 > --- a/sys/sys/priv.h > +++ b/sys/sys/priv.h 
> @@ -515,10 +515,15 @@ > #define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */ > #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */ > > +/* > + * Kernel debugger privileges. > + */ > +#define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB backend. */ > + > /* > * Track end of privilege list. > */ > -#define _PRIV_HIGHEST 682 > +#define _PRIV_HIGHEST 691 > > /* > * Validate that a named privilege is known by the privilege system. Invalid
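Review bot: The priv_check(curthread, PRIV_KDB_SET_BACKEND) call at the top of kdb_dbbe_select() makes the outcome depend on whichever thread happens to be current. As the reply above notes, the function is also reached from debugger-entry paths such as kdb_alt_break_gdb(), where curthread is only the interrupted thread and not the requester of the change. Consider leaving kdb_dbbe_select() unconditional and moving the check into the caller that services a request from userland, so that a console-driven backend switch does not fail when a jailed or non-root thread was running at the moment of the break. If the check has to stay here, the function needs a comment stating which calling contexts are expected to pass it.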