Date: Sun, 16 Apr 2023 21:50:27 -0700
From: "Simon J. Gerraty" <sjg@juniper.net>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: "Stephen J. Kiernan" <stevek@freebsd.org>, <src-committers@freebsd.org>, <dev-commits-src-all@freebsd.org>, <dev-commits-src-main@freebsd.org>, <sjg@juniper.net>
Subject: Re: git: 4819e5aeda4e - main - Add new privilege PRIV_KDB_SET_BACKEND
Message-ID: <11356.1681707027@kaos.jnpr.net>
In-Reply-To: <ZDxe9Jux8fbqBtHV@kib.kiev.ua>
References: <202304161838.33GIcJiX079190@gitrepo.freebsd.org> <ZDxe9Jux8fbqBtHV@kib.kiev.ua>
Konstantin Belousov <kostikbel@gmail.com> wrote: > > @@ -484,6 +485,11 @@ int > > kdb_dbbe_select(const char *name) > > { > > struct kdb_dbbe *be, **iter; > > + int error; > > + > > + error =3D priv_check(curthread, PRIV_KDB_SET_BACKEND); > priv_check() fails for jailed, or even simply non-root process. > kdb_dbbe_select() is called from a random context, e.g. from > kdb_alt_break_gdb(), where it inherits whatever thread was running > at the moment of break to debugger. That sounds like a bug? > In other words, this function no longer works reliably. > = > > + if (error) > > + return (error); > > > > SET_FOREACH(iter, kdb_dbbe_set) { > > be =3D *iter; > > diff --git a/sys/sys/priv.h b/sys/sys/priv.h > > index 20bfc7312ce3..cb4dcecea4aa 100644 > > --- a/sys/sys/priv.h > > +++ b/sys/sys/priv.h > > @@ -515,10 +515,15 @@ > > #define PRIV_KMEM_READ 680 /* Open mem/kmem for rea= ding. */ > > #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for wri= ting. */ > > > > +/* > > + * Kernel debugger privileges. > > + */ > > +#define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB bac= kend. */ > > + > > /* > > * Track end of privilege list. > > */ > > -#define _PRIV_HIGHEST 682 > > +#define _PRIV_HIGHEST 691 > > > > /* > > * Validate that a named privilege is known by the privilege system. = Invalid
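Review bot: The priv_check(curthread, PRIV_KDB_SET_BACKEND) added at the top of kdb_dbbe_select() gates every caller on the credentials of whichever thread happens to be current, not on who asked for the backend change. The quoted comment names kdb_alt_break_gdb() as a caller that inherits the interrupted thread, so on that path the early `return (error)` can refuse the selection for reasons unrelated to the request. Suggest moving the check out of kdb_dbbe_select() and into the path that handles an explicit, user-initiated request to set the backend, so in-kernel callers keep selecting unconditionally. If the check must stay here, the function needs a comment stating which contexts are expected to fail and why. In the priv.h hunk, the new value 690 with _PRIV_HIGHEST raised to 691 leaves 682 through 689 unassigned; a short note in the comment block saying the gap is intentional would save the next reader from wondering.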