Disallow various debug.kdb sysctl's when securelevel is raised.
PR: 161350
This commit is contained in:
David E. O'Brien
parent
f36a5e0f34
commit
ef522f9515
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=226089
@ -544,6 +544,12 @@ may not be opened for writing;
|
||||
kernel modules (see
|
||||
.Xr kld 4 )
|
||||
may not be loaded or unloaded.
|
||||
The kernel debugger may not be entered using the
|
||||
.Va debug.kdb.enter
|
||||
sysctl.
|
||||
A panic or trap cannot be forced using the
|
||||
.Va debug.kdb.panic
|
||||
and other sysctl's.
|
||||
.It Ic 2
|
||||
Highly secure mode \- same as secure mode, plus disks may not be
|
||||
opened for writing (except by
|
||||
|
||||
@ -90,25 +90,30 @@ SYSCTL_PROC(_debug_kdb, OID_AUTO, available, CTLTYPE_STRING | CTLFLAG_RD, NULL,
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, current, CTLTYPE_STRING | CTLFLAG_RW, NULL,
|
||||
0, kdb_sysctl_current, "A", "currently selected KDB backend");
|
||||
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, enter, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, enter,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
|
||||
kdb_sysctl_enter, "I", "set to enter the debugger");
|
||||
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, panic, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, panic,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
|
||||
kdb_sysctl_panic, "I", "set to panic the kernel");
|
||||
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, trap, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, trap,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
|
||||
kdb_sysctl_trap, "I", "set to cause a page fault via data access");
|
||||
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
|
||||
SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
|
||||
kdb_sysctl_trap_code, "I", "set to cause a page fault via code access");
|
||||
|
||||
SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger, CTLTYPE_INT | CTLFLAG_RW |
|
||||
CTLFLAG_TUN, &kdb_break_to_debugger, 0, "Enable break to debugger");
|
||||
SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE,
|
||||
&kdb_break_to_debugger, 0, "Enable break to debugger");
|
||||
TUNABLE_INT("debug.kdb.break_to_debugger", &kdb_break_to_debugger);
|
||||
|
||||
SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger, CTLTYPE_INT |
|
||||
CTLFLAG_RW | CTLFLAG_TUN, &kdb_alt_break_to_debugger, 0,
|
||||
"Enable alternative break to debugger");
|
||||
SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger,
|
||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE,
|
||||
&kdb_alt_break_to_debugger, 0, "Enable alternative break to debugger");
|
||||
TUNABLE_INT("debug.kdb.alt_break_to_debugger", &kdb_alt_break_to_debugger);
|
||||
|
||||
/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user