Date:      Wed, 26 Feb 2003 03:01:21 +0100
From:      Maxime Henrion <mux@freebsd.org>
To:        audit@freebsd.org
Subject:   syscons patch
Message-ID:  <20030226020121.GD18565@elvis.mu.org>


Hi all,

I've recently experienced the fact that if you try to drop into the
kernel debugger when someone disabled VTY switching (either with lock -v
or vidcontrol -S), the box will freeze.  I've written a patch which just
disables the VTY switching protection in the DDB case when someone tries
to enter the debugger.  I think it makes sense since a box which is
supposed to be physically secure shouldn't use DDB.  However, given the
security implications, I'd appreciate comments on this stuff.

The attached patch implements this solution and documents it in lock(1)
and vidcontrol(1).

Cheers,
Maxime

[Attachment: syscons.patch]

Index: sys/dev/syscons/syscons.c
===================================================================
RCS file: /space2/ncvs/src/sys/dev/syscons/syscons.c,v
retrieving revision 1.395
diff -u -p -r1.395 syscons.c
--- sys/dev/syscons/syscons.c	25 Feb 2003 03:21:20 -0000	1.395
+++ sys/dev/syscons/syscons.c	25 Feb 2003 23:17:56 -0000
@@ -1538,6 +1538,10 @@ sccndbctl(struct consdev *cd, int on)
 	    && sc_console->smode.mode == VT_AUTO) {
 	    sc_console->sc->cur_scp->status |= MOUSE_HIDDEN;
 	    ++debugger;		/* XXX */
+#ifdef DDB
+	    /* unlock vty switching */
+	    sc_console->sc->flags &= ~SC_SCRN_VTYLOCK;
+#endif
 	    sc_switch_scr(sc_console->sc, sc_console->index);
 	    --debugger;		/* XXX */
 	}
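Review bot: the SC_SCRN_VTYLOCK bit is cleared unconditionally in this hunk and nothing restores it, so once the debugger has been entered the vty lock set by lock -v or vidcontrol -S stays off for the rest of the session, including after the debugger returns. If the intent is only to let the switch to the console vty succeed, save the bit before clearing it and put it back after `sc_switch_scr(sc_console->sc, sc_console->index);` (or on the `on == 0` path of `sccndbctl()`), e.g. `int vtylock = sc_console->sc->flags & SC_SCRN_VTYLOCK;` before the clear and `sc_console->sc->flags |= vtylock;` after the switch. The `#ifdef DDB` wrap also deserves a comment: the surrounding `++debugger` / `sc_switch_scr()` code runs for any debugger console entry, so either say why only DDB builds get the unlock or drop the guard.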
Index: usr.bin/lock/lock.1
===================================================================
RCS file: /space2/ncvs/src/usr.bin/lock/lock.1,v
retrieving revision 1.8
diff -u -p -r1.8 lock.1
--- usr.bin/lock/lock.1	28 Jul 2002 07:13:53 -0000	1.8
+++ usr.bin/lock/lock.1	26 Feb 2003 01:43:56 -0000
@@ -70,10 +70,14 @@ This option is implemented in a way simi
 .Fl S
 option of
 .Xr vidcontrol 1 ,
-and is only available if the terminal in question is a
+and thus has the same restrictions.
+It is only available if the terminal in question is a
 .Xr syscons 4
 virtual terminal.
 .El
+.Sh SEE ALSO
+.Xr vidcontrol 1 ,
+.Xr syscons 4
 .Sh HISTORY
 The
 .Nm
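Review bot: "and thus has the same restrictions" sends the reader to vidcontrol(1) without saying what the restriction is. Since lock -v is the command a user actually types to lock the console, lock(1) should state directly that the vty lock is released when the kernel debugger is entered on a kernel built with DDB, rather than relying on the cross-reference alone. Placing the new .Sh SEE ALSO before .Sh HISTORY matches the mdoc section order, so that part is fine.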
Index: usr.sbin/vidcontrol/vidcontrol.1
===================================================================
RCS file: /space2/ncvs/src/usr.sbin/vidcontrol/vidcontrol.1,v
retrieving revision 1.53
diff -u -p -r1.53 vidcontrol.1
--- usr.sbin/vidcontrol/vidcontrol.1	19 Aug 2002 16:33:23 -0000	1.53
+++ usr.sbin/vidcontrol/vidcontrol.1	26 Feb 2003 01:46:51 -0000
@@ -228,6 +228,10 @@ Turn vty switching on or off.
 When vty switching is off,
 attempts to switch to a different virtual terminal will fail.
 (The default is to permit vty switching.)
+This protection can be easily bypassed when the kernel is compiled with
+the DDB option.
+However, you probably shouldn't compile the kernel debugger on a box which
+is supposed to be physically secure.
 .It Fl s Ar number
 Set the current vty to
 .Ar number .
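Review bot: the added sentences say the protection "can be easily bypassed" on a DDB kernel but not how; state that entering the kernel debugger from the console releases the vty lock (which is what the accompanying syscons.c change does), so the reader can see that the lock is only as strong as access to the debugger. Style: mdoc text avoids contractions and second person, so "you probably shouldn't compile" should become something like "The kernel debugger should not be compiled into the kernel of a machine that is intended to be physically secure."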

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030226020121.GD18565>