author | Stephen J. Kiernan <stevek@FreeBSD.org> | 2023-04-16 03:59:52 +0000 |
---|---|---|
committer | Stephen J. Kiernan <stevek@FreeBSD.org> | 2023-04-16 18:37:58 +0000 |
commit | 4819e5aeda4ef1a193a08e29b4099c3c30369a81 (patch) | |
tree | c71af1154710616e30148d09c5be3ec960ebaf3c | |
parent | c753f49f7006d28786c29dfbb5f838b494e2146f (diff) | |
Add new privilege PRIV_KDB_SET_BACKEND
Summary:
Check for PRIV_KDB_SET_BACKEND before allowing a thread to change
the KDB backend.
Obtained from: Juniper Networks, Inc.
Reviewers: sjg, emaste
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D39538
-rw-r--r-- | sys/kern/subr_kdb.c | 6 | ||||
-rw-r--r-- | sys/sys/priv.h | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
index ff981cdfe47c..8aae19b728c8 100644
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/lock.h>
 #include <sys/pcpu.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
 #include <sys/smp.h>
@@ -484,6 +485,11 @@ int
 kdb_dbbe_select(const char *name)
 {
 struct kdb_dbbe *be, **iter;
+ int error;
+
+ error = priv_check(curthread, PRIV_KDB_SET_BACKEND);
+ if (error)
+ return (error);
 SET_FOREACH(iter, kdb_dbbe_set) {
 be = *iter;
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 20bfc7312ce3..cb4dcecea4aa 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -516,9 +516,14 @@
 #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */
 /*
+ * Kernel debugger privileges.
+ */
+#define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB backend. */
+
+/*
 * Track end of privilege list.
 */
-#define _PRIV_HIGHEST 682
+#define _PRIV_HIGHEST 691
 /*
 * Validate that a named privilege is known by the privilege system. Invalid |
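Review bot: In the second hunk of sys/kern/subr_kdb.c the new `priv_check(curthread, PRIV_KDB_SET_BACKEND)` sits inside `kdb_dbbe_select()` itself, so it applies to every caller and not only to requests that originate from userland. If the function is also reached from inside the kernel (for example while the debugger is active, where `curthread` is just the interrupted thread), the result would depend on an unrelated thread's credentials; the callers are not visible here, so this needs confirming. Either enforce the privilege at the userland-facing entry point or document the contract above the check, e.g. `/* Callers must run in the context of the thread requesting the change; the check uses curthread's credentials. */`. The function body continues outside the hunk.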