Date: Sat, 30 Aug 1997 09:06:19 -0400 (EDT) From: Brian Mitchell <brian@firehouse.net> To: freebsd-security@freebsd.org Subject: DDB/securelevel Message-ID: <Pine.NEB.3.96.970830090503.263A-100000@apocalypse.saturn.net>
next in thread | raw e-mail | index | archive | help
DDB is the kernel debugger. It lets you debug the kernel upon a
panic or when you wish to enter it via a key sequence on the
console. There appears to be a slight problem though, you can
use DDB to lower the securelevel of the system. The following
shows one example:
# sysctl -w kern.securelevel=10
kern.securelevel: 0 -> 10
# Debugger("manual escape to debugger")
Stopped at _Debugger+0x35: movb $0,_in_Debugger.118
db> write securelevel 0
_securelevel 0xa = 0
db> cont
# sysctl kern.securelevel
kern.securelevel: 0
#
The most straightforward solution to this is to simply not allow
DDB to be run when securelevel > 0. Enclosed is a simple patch
against 2.2.1 to do this.
*** i386/i386/db_interface.c Sat Aug 30 08:57:36 1997
--- i386/i386/db_interface.c.new Sat Aug 30 09:00:43 1997
***************
*** 241,246 ****
--- 241,256 ----
/*
* XXX
+ * Do nothing if the securelevel is > 0. The justification
+ * being that DDB can be used to lower the securelevel, so
+ * if we run > 0, we should not be able to run DDB at all.
+ * Modifying DDB to be securelevel friendly is not an option.
+ */
+ if(securelevel > 0)
+ return;
+
+ /*
+ * XXX
* Do nothing if the console is in graphics mode. This is
* OK if the call is for the debugger hotkey but not if the call
* is a weak form of panicing.
Brian Mitchell brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt (OpenBSD President)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.970830090503.263A-100000>