freebsd-nq/share/man
Mark Johnston cab1056105 kdb: Modify securelevel policy
Currently, sysctls which enable KDB in some way are flagged with
CTLFLAG_SECURE, meaning that you can't modify them if securelevel > 0.
This is so that KDB cannot be used to lower a running system's
securelevel, see commit 3d7618d8bf.  However, the newer mac_ddb(4)
restricts DDB operations which could be abused to lower securelevel
while retaining some ability to gather useful debugging information.

To enable the use of KDB (specifically, DDB) on systems with a raised
securelevel, change the KDB sysctl policy: rather than relying on
CTLFLAG_SECURE, add a check of the current securelevel to kdb_trap().
If the securelevel is raised, only pass control to the backend if MAC
specifically grants access; otherwise simply check to see if mac_ddb
vetoes the request, as before.

Add a new secure sysctl, debug.kdb.enter_securelevel, to override this
behaviour.  That is, the sysctl lets one enter a KDB backend even with a
raised securelevel, so long as it is set before the securelevel is
raised.

Reviewed by:	mhorne, stevek
MFC after:	1 month
Sponsored by:	Juniper Networks
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D37122
2023-03-30 10:45:00 -04:00
..
man1
man3 netlink: Fix "version introduced" documentation 2023-03-04 09:00:13 -07:00
man3lua
man4 Cross-reference coretemp(4) and amdtemp(4) 2023-03-20 17:12:12 -03:00
man5 pf.conf.5: typo fixes 2023-03-29 15:34:26 +00:00
man6
man7 kdb: Modify securelevel policy 2023-03-30 10:45:00 -04:00
man8 rc: add a manual entry for ${name}_setup 2022-11-11 22:21:39 +01:00
man9 kasan.9: Update to note arm64 support 2023-03-23 20:39:10 -04:00
Makefile