[5231] in bugtraq
DDB/securelevel
daemon@ATHENA.MIT.EDU (Aleph One)
Sat Aug 30 12:39:00 1997
Date: Sat, 30 Aug 1997 11:18:54 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
---------- Forwarded message ----------
Date: Sat, 30 Aug 1997 09:06:19 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: freebsd-security@FreeBSD.ORG
Subject: DDB/securelevel
DDB is the kernel debugger. It lets you debug the kernel upon a
panic or when you wish to enter it via a key sequence on the
console. There appears to be a slight problem though, you can
use DDB to lower the securelevel of the system. The following
shows one example:
# sysctl -w kern.securelevel=10
kern.securelevel: 0 -> 10
# Debugger("manual escape to debugger")
Stopped at _Debugger+0x35: movb $0,_in_Debugger.118
db> write securelevel 0
_securelevel 0xa = 0
db> cont
# sysctl kern.securelevel
kern.securelevel: 0
#
The most straightforward solution to this is to simply not allow
DDB to be run when securelevel > 0. Enclosed is a simple patch
against 2.2.1 to do this.
*** i386/i386/db_interface.c Sat Aug 30 08:57:36 1997
--- i386/i386/db_interface.c.new Sat Aug 30 09:00:43 1997
***************
*** 241,246 ****
--- 241,256 ----
/*
* XXX
+ * Do nothing if the securelevel is > 0. The justification
+ * being that DDB can be used to lower the securelevel, so
+ * if we run > 0, we should not be able to run DDB at all.
+ * Modifying DDB to be securelevel friendly is not an option.
+ */
+ if(securelevel > 0)
+ return;
+
+ /*
+ * XXX
* Do nothing if the console is in graphics mode. This is
* OK if the call is for the debugger hotkey but not if the call
* is a weak form of panicing.
Brian Mitchell brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt (OpenBSD President)
