authorStephen J. Kiernan <stevek@FreeBSD.org>2023-04-16 03:59:52 +0000
committerStephen J. Kiernan <stevek@FreeBSD.org>2023-04-16 18:37:58 +0000
commit4819e5aeda4ef1a193a08e29b4099c3c30369a81 (patch)
treec71af1154710616e30148d09c5be3ec960ebaf3c
parentc753f49f7006d28786c29dfbb5f838b494e2146f (diff)
Add new privilege PRIV_KDB_SET_BACKEND
Summary: Check for PRIV_KDB_SET_BACKEND before allowing a thread to change the KDB backend. Obtained from: Juniper Networks, Inc. Reviewers: sjg, emaste Subscribers: imp Differential Revision: https://reviews.freebsd.org/D39538
-rw-r--r--sys/kern/subr_kdb.c6
-rw-r--r--sys/sys/priv.h7
2 files changed, 12 insertions, 1 deletions
diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
index ff981cdfe47c..8aae19b728c8 100644
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
#include <sys/malloc.h>
#include <sys/lock.h>
#include <sys/pcpu.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sbuf.h>
#include <sys/smp.h>
@@ -484,6 +485,11 @@ int
kdb_dbbe_select(const char *name)
{
struct kdb_dbbe *be, **iter;
+ int error;
+
+ error = priv_check(curthread, PRIV_KDB_SET_BACKEND);
+ if (error)
+ return (error);
SET_FOREACH(iter, kdb_dbbe_set) {
be = *iter;
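Review bot: The new `priv_check(curthread, PRIV_KDB_SET_BACKEND)` at the top of `kdb_dbbe_select()` gates every caller of this helper on the credentials of whichever thread is current, not only the path that takes the backend name from userland. The callers are outside this hunk, so this is inferred: if any caller runs in debugger context, `curthread` is the interrupted thread, and the switch would be refused or allowed based on an unrelated process's credentials. Consider moving the check into the userland-facing handler, or guarding it with something like `if (!kdb_active) { error = priv_check(curthread, PRIV_KDB_SET_BACKEND); if (error) return (error); }`. Either way, a short comment above the check should name the entry points it is meant to cover. The body of `kdb_dbbe_select()` continues past the end of the hunk.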
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
index 20bfc7312ce3..cb4dcecea4aa 100644
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -516,9 +516,14 @@
#define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */
/*
+ * Kernel debugger privileges.
+ */
+#define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB backend. */
+
+/*
* Track end of privilege list.
*/
-#define _PRIV_HIGHEST 682
+#define _PRIV_HIGHEST 691
/*
* Validate that a named privilege is known by the privilege system. Invalid