aboutsummaryrefslogtreecommitdiff
path: root/sys/security/mac_ddb
Commit message (Collapse)AuthorAgeFilesLines
* mac_ddb: Fix the show rman validator.John Baldwin2022-08-121-1/+1
| | | | | | | | The validator always returned true due to an incorrect check. Reviewed by: mhorne, imp Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D36125
* Revert "mac_ddb: Make db_show_vnet_valid() handle !VIMAGE"Allan Jude2022-07-211-4/+0
| | | | | | | | jhb@ already fixed this in a different way Reported by: andrew This reverts commit 3810b37903220af1a369d3c4032ae25fb2d7949d.
* mac_ddb: Make db_show_vnet_valid() handle !VIMAGEAllan Jude2022-07-211-0/+4
| | | | | | Reported by: kib Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc.
* mac_ddb: Only include the vnet validator in VIMAGE kernels.John Baldwin2022-07-201-0/+6
| | | | | | | | | | | | This fixes the build of at least i386 MINIMAL which was failing with the error: sys/security/mac_ddb/mac_ddb.c:200:15: error: use of undeclared identifier 'vnet'; did you mean 'int'? if ((void *)vnet == (void *)addr) ^~~~ int Sponsored by: DARPA
* mac_ddb: add some validation functionsMitchell Horne2022-07-181-0/+101
| | | | | | | | | | These global objects are easy to validate, so provide the helper functions to do so and include these commands in the allow lists. Reviewed by: markj Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D35372
* mac: add new mac_ddb(4) policyMitchell Horne2022-07-181-0/+266
Generally, access to the kernel debugger is considered to be unsafe from a security perspective since it presents an unrestricted interface to inspect or modify the system state, including sensitive data such as signing keys. However, having some access to debugger functionality on production systems may be useful in determining the cause of a panic or hang. Therefore, it is desirable to have an optional policy which allows limited use of ddb(4) while disabling the functionality which could reveal system secrets. This loadable MAC module allows for the use of some ddb(4) commands while preventing the execution of others. The commands have been broadly grouped into three categories: - Those which are 'safe' and will not emit sensitive data (e.g. trace). Generally, these commands are deterministic and don't accept arguments. - Those which are definitively unsafe (e.g. examine <addr>, search <addr> <value>) - Commands which may be safe to execute depending on the arguments provided (e.g. show thread <addr>). Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag. Commands requiring extra validation can provide a function to do so. For example, 'show thread <addr>' can be used as long as addr can be checked against the system's list of process structures. The policy also prevents debugger backends other than ddb(4) from executing, for example gdb(4). Reviewed by: markj, pauamma_gundo.com (manpages) Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D35371
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 13:46:02 +0000