Commit Graph

34 Commits

Author SHA1 Message Date
Warner Losh
4d846d260e spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with:		pfg
MFC After:		3 days
Sponsored by:		Netflix
2023-05-12 10:44:03 -06:00
Simon J. Gerraty
d9a4274795 Update/fix Makefile.depend for userland 2023-04-18 17:14:23 -07:00
Mitchell Horne
287d467c5d mac: add new mac_ddb(4) policy
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.

However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.

This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
 - Those which are 'safe' and will not emit sensitive data (e.g. trace).
   Generally, these commands are deterministic and don't accept
   arguments.
 - Those which are definitively unsafe (e.g. examine <addr>, search
   <addr> <value>)
 - Commands which may be safe to execute depending on the arguments
   provided (e.g. show thread <addr>).

Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.

Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.

The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).

Reviewed by:	markj, pauamma_gundo.com (manpages)
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D35371
2022-07-18 22:06:15 +00:00
Andriy Gapon
47adb0e0e0 ddb: use 'textdump dump' instead of 'call doadump'
The change is for the example in textdump.4 and the default ddb.conf.

First of all, doadump now requires an argument and it won't do a
textdump if the argument is not 'true'.
And 'textdump dump' is more idiomatic anyway.

For what it's worth, ddb 'dump' command seems to always request a vmcore
dump even if a textdump was requested earlier, e.g., by 'textdump set'.
Finally, ddb 'call' command is not documented.

MFC after:	2 weeks
2019-10-18 12:32:01 +00:00
Brad Davis
cea9c033f2 Move ddb.conf to sbin/ddb/ and switch to CONFS.
This helps pkgbase as this config file will now be tagged as a config file.

Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D16675
2018-08-11 13:25:39 +00:00
Eitan Adler
5d9573acf2 ddb: unbreak ppc
usr/src/powerpc.powerpcspe/tmp/usr/include/strings.h:62:
warning: shadowed declaration is here
2018-06-17 00:00:24 +00:00
Eitan Adler
b33abb34b8 ddb: build with WARNS=6
Tested with amd64, arm64, i386, mips
2018-06-16 23:44:18 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Glen Barber
406d87b1c3 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
Bryan Drewery
cf990407e1 Update dependencies after r291406 added libelf to libkvm.
Unfortunately filemon/meta mode tracks all indirect dependencies here
since ld(1) is reading libelf when linking in libkvm.  Churn would be
reduced if this was able to be limited to direct dependencies.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:18:48 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Baptiste Daroussin
13eb765f2d Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
db702c59cf remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Pawel Jakub Dawidek
7fc6a8aef6 Correct subcommand name 'unset' -> 'unscript'. 2011-06-18 22:32:55 +00:00
Kevin Lo
59d8bf609f Plug an fd leak 2010-11-22 07:00:47 +00:00
Ulrich Spörlein
47e1a877c5 Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
John Baldwin
5ef5fd6e53 Ensure 'kvm' is always initialized. If "-M" was not specified and the
garbage value on the stack was not zero, then 'ddb capture' would try to
use the garbage value as a kvm_t pointer.

MFC after:	1 week
2009-11-02 20:18:50 +00:00
John Baldwin
742765c971 When extracting the capture buffer from a crashdump, only read the valid
portion of the capture buffer (db_capture_bufoff vs db_capture_bufsize).
This could result in outputting garbage (e.g. lots of 'p' characters if
DIAGNOSTIC is enabled) after the end of the capture buffer.  While here,
fix a spelling nit.

Reported by:	Mikolaj Golub  to my trociny of gmail
MFC after:	3 days
2009-10-29 13:44:58 +00:00
Tom Rhodes
138f7e4b30 Apply various fixes:
Silence mdoc(7) warnings;
Xref correct manual pages;
Point user to the ddb.8 manual page.

PR:		129398
Submitted by:	gavin
2008-12-24 11:12:21 +00:00
Robert Watson
1492a26084 DDB scripting, textdumps, output capture, etc, all will appear in
FreeBSD 7.1 before 8.0 ships.

Spotted by:	Ulrich Spoerlein <uspoerlein at gmail dot com>
MFC after:	3 days
2008-08-03 14:27:06 +00:00
Robert Watson
0693424576 Add "ddb capture print" and "ddb capture status" commands do ddb(8),
alowing the DDB output capture buffer to be easily extracted from
user space.  Both of these commands include -M/-N arguments, allowing
them to be used with kernel crash dumps (or /dev/mem).

This makes it easier to use DDB scripting and output capture with
minidumps or full dumps rather than with text dumps, allowing DDB
output (scripted or otherwise) to be easily extracted from a crash
dump.

MFC after:	1 week
Discussed with:	brooks, jhb
2008-04-25 17:34:09 +00:00
Ruslan Ermilov
85018ba57b - Normalize usage(), add "ddb pathname" syntax.
- Revise the manpage.
2008-04-04 07:31:43 +00:00
Brooks Davis
14084ab9bb Add the ability to read a file of commands to ddb(8) modeled after the
feature in ipfw(8).
2008-03-05 17:51:06 +00:00
Robert Watson
9f58348801 Minor formatting tweaks.
Point at ddb(4) and textdump(4) man pages for more script examples.

MFC after:	3 months
2007-12-26 12:20:19 +00:00
Robert Watson
a1f25b0daa Add command-line tool ddb(8), which allows DDB(4) scripts to be
managed from userspace.  It is largely a wrapper for sysctl()
calls, but because the sysctls for adding and removing scripts
are awkward to use directly, this provides an easier-to-use
interface.

MFC after:	3 months
2007-12-26 09:38:22 +00:00