Re: git: 4819e5aeda4e - main - Add new privilege PRIV_KDB_SET_BACKEND
- In reply to: Simon J. Gerraty: "Re: git: 4819e5aeda4e - main - Add new privilege PRIV_KDB_SET_BACKEND"
Date: Mon, 17 Apr 2023 11:39:03 UTC
On Sun, Apr 16, 2023 at 09:50:27PM -0700, Simon J. Gerraty wrote: > Konstantin Belousov <kostikbel@gmail.com> wrote: > > > @@ -484,6 +485,11 @@ int > > > kdb_dbbe_select(const char *name) > > > { > > > struct kdb_dbbe *be, **iter; > > > + int error; > > > + > > > + error = priv_check(curthread, PRIV_KDB_SET_BACKEND); > > priv_check() fails for jailed, or even simply non-root process. > > kdb_dbbe_select() is called from a random context, e.g. from > > kdb_alt_break_gdb(), where it inherits whatever thread was running > > at the moment of break to debugger. > > That sounds like a bug? Definitely. > > > In other words, this function no longer works reliably. > > > > > + if (error) > > > + return (error); > > > > > > SET_FOREACH(iter, kdb_dbbe_set) { > > > be = *iter; > > > diff --git a/sys/sys/priv.h b/sys/sys/priv.h > > > index 20bfc7312ce3..cb4dcecea4aa 100644 > > > --- a/sys/sys/priv.h > > > +++ b/sys/sys/priv.h > > > @@ -515,10 +515,15 @@ > > > #define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */ > > > #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */ > > > > > > +/* > > > + * Kernel debugger privileges. > > > + */ > > > +#define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB backend. */ > > > + > > > /* > > > * Track end of privilege list. > > > */ > > > -#define _PRIV_HIGHEST 682 > > > +#define _PRIV_HIGHEST 691 > > > > > > /* > > > * Validate that a named privilege is known by the privilege system. Invalid
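Review bot: The priv_check(curthread, PRIV_KDB_SET_BACKEND) call at the top of kdb_dbbe_select() gates every caller, not only requests made on behalf of a user process. As the reply notes, callers such as kdb_alt_break_gdb() run with whatever thread was interrupted, so the outcome depends on an unrelated thread's credentials and the backend switch can fail at debugger entry. Consider moving the check out of kdb_dbbe_select() into the caller that services the user-initiated request, leaving kdb_dbbe_select() itself unconditional, and add a comment stating which entry point enforces PRIV_KDB_SET_BACKEND.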