Date: Wed, 26 Feb 2003 03:01:21 +0100
From: Maxime Henrion <mux@freebsd.org>
To: audit@freebsd.org
Subject: syscons patch
Message-ID: <20030226020121.GD18565@elvis.mu.org>
Hi all,

I've recently experienced the fact that if you try to drop into the kernel debugger when someone disabled VTY switching (either with lock -v or vidcontrol -S), the box will freeze. I've written a patch which just disables the VTY switching protection in the DDB case when someone tries to enter the debugger. I think it makes sense since a box which is supposed to be physically secure shouldn't use DDB. However, given the security implications, I'd appreciate comments on this stuff.

The attached patch implements this solution and documents it in lock(1) and vidcontrol(1).

Cheers,
Maxime

Attachment: syscons.patch

Index: sys/dev/syscons/syscons.c =================================================================== RCS file: /space2/ncvs/src/sys/dev/syscons/syscons.c,v retrieving revision 1.395 diff -u -p -r1.395 syscons.c --- sys/dev/syscons/syscons.c 25 Feb 2003 03:21:20 -0000 1.395 +++ sys/dev/syscons/syscons.c 25 Feb 2003 23:17:56 -0000 @@ -1538,6 +1538,10 @@ sccndbctl(struct consdev *cd, int on) && sc_console->smode.mode == VT_AUTO) { sc_console->sc->cur_scp->status |= MOUSE_HIDDEN; ++debugger; /* XXX */ +#ifdef DDB + /* unlock vty switching */ + sc_console->sc->flags &= ~SC_SCRN_VTYLOCK; +#endif sc_switch_scr(sc_console->sc, sc_console->index); --debugger; /* XXX */ } Index: usr.bin/lock/lock.1 =================================================================== RCS file: /space2/ncvs/src/usr.bin/lock/lock.1,v retrieving revision 1.8 diff -u -p -r1.8 lock.1 --- usr.bin/lock/lock.1 28 Jul 2002 07:13:53 -0000 1.8 +++ usr.bin/lock/lock.1 26 Feb 2003 01:43:56 -0000
@@ -70,10 +70,14 @@ This option is implemented in a way simi .Fl S option of .Xr vidcontrol 1 , -and is only available if the terminal in question is a +and thus has the same restrictions. +It is only available if the terminal in question is a .Xr syscons 4 virtual terminal. .El +.Sh SEE ALSO +.Xr vidcontrol 1 , +.Xr syscons 4 .Sh HISTORY The .Nm Index: usr.sbin/vidcontrol/vidcontrol.1 =================================================================== RCS file: /space2/ncvs/src/usr.sbin/vidcontrol/vidcontrol.1,v retrieving revision 1.53 diff -u -p -r1.53 vidcontrol.1 --- usr.sbin/vidcontrol/vidcontrol.1 19 Aug 2002 16:33:23 -0000 1.53 +++ usr.sbin/vidcontrol/vidcontrol.1 26 Feb 2003 01:46:51 -0000 @@ -228,6 +228,10 @@ Turn vty switching on or off. When vty switching is off, attempts to switch to a different virtual terminal will fail. (The default is to permit vty switching.) +This protection can be easily bypassed when the kernel is compiled with +the DDB option. +However, you probably shouldn't compile the kernel debugger on a box which +is supposed to be physically secure. .It Fl s Ar number Set the current vty to .Ar number .
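Review bot: in the syscons.c hunk (sccndbctl), the clear `sc_console->sc->flags &= ~SC_SCRN_VTYLOCK;` is permanent: it runs on the way into the debugger and nothing in the hunk sets the flag again when the debugger is left, so after a `continue` from DDB the terminal that was locked with lock -v or vidcontrol -S stays switchable without its owner being told. The function already brackets the switch with `++debugger; /* XXX */` and `--debugger; /* XXX */`, so the smaller change is to have the test that honours SC_SCRN_VTYLOCK (its placement right before sc_switch_scr suggests it sits in that path) ignore the flag while `debugger` is non-zero, which gets the console on screen without mutating the lock state; failing that, save the flag before the switch and restore it on the `on == 0` call of sccndbctl. The `#ifdef DDB` guard is consistent with the stated rationale, but the `/* unlock vty switching */` comment should say that the lock is being dropped for the debugger and why, since a reader of this function will otherwise take it for an ordinary state change.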
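Review bot: in the lock.1 hunk, "and thus has the same restrictions" sends the reader to vidcontrol(1) to discover that a kernel built with DDB drops the lock; since -v is the option a user picks for physical security, the caveat belongs in this page too, for example a sentence after the `.Xr vidcontrol 1 ,` reference such as "In particular, the lock is removed when the kernel debugger is entered on a kernel built with DDB." The new `.Sh SEE ALSO` is placed between `.El` and `.Sh HISTORY`, which is the expected mdoc order, but the hunk shows only this region of the file, so confirm lock.1 does not already carry a SEE ALSO section further down before adding a second one.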
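Review bot: in the vidcontrol.1 hunk, "This protection can be easily bypassed when the kernel is compiled with the DDB option" says neither by whom nor how; read together with the syscons.c hunk in the same patch, the accurate statement is that entering the kernel debugger turns vty switching back on, and that nothing in that hunk turns it off again afterwards. Suggested wording: "If the kernel is built with the DDB option, entering the kernel debugger re-enables vty switching, so this setting is not a security measure on such a kernel." The second added sentence ("you probably shouldn't compile the kernel debugger on a box which is supposed to be physically secure") is second-person advice, which reads out of place in a manual page; if kept, recast it in the page's descriptive voice, e.g. "A kernel debugger should not be configured on a system that relies on this protection."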
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030226020121.GD18565>