author | David E. O'Brien <obrien@FreeBSD.org> | 2011-10-07 05:47:30 +0000 |
---|---|---|
committer | David E. O'Brien <obrien@FreeBSD.org> | 2011-10-07 05:47:30 +0000 |
commit | ef522f951545eb348fda109d0cdb25e74bae67b8 (patch) | |
tree | ca76c3bfb443f00f6c5e19395d6b993a33901b56 /sys/kern/subr_kdb.c | |
parent | f36a5e0f3464a525dc9fa53272179f7f6687e5de (diff) | |
Disallow various debug.kdb sysctl's when securelevel is raised.
PR: 161350
Notes
Notes:
svn path=/head/; revision=226089
Diffstat (limited to 'sys/kern/subr_kdb.c')
-rw-r--r-- | sys/kern/subr_kdb.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/sys/kern/subr_kdb.c b/sys/kern/subr_kdb.c
index 76b37a9ce7c0..1d23f2173cca 100644
--- a/sys/kern/subr_kdb.c
+++ b/sys/kern/subr_kdb.c
@@ -90,25 +90,30 @@ SYSCTL_PROC(_debug_kdb, OID_AUTO, available, CTLTYPE_STRING | CTLFLAG_RD, NULL, SYSCTL_PROC(_debug_kdb, OID_AUTO, current, CTLTYPE_STRING | CTLFLAG_RW, NULL, 0, kdb_sysctl_current, "A", "currently selected KDB backend"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, enter, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, enter, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_enter, "I", "set to enter the debugger"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, panic, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, panic, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_panic, "I", "set to panic the kernel"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, trap, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, trap, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_trap, "I", "set to cause a page fault via data access"); -SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, +SYSCTL_PROC(_debug_kdb, OID_AUTO, trap_code, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kdb_sysctl_trap_code, "I", "set to cause a page fault via code access"); -SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger, CTLTYPE_INT | CTLFLAG_RW | - CTLFLAG_TUN, &kdb_break_to_debugger, 0, "Enable break to debugger"); +SYSCTL_INT(_debug_kdb, OID_AUTO, break_to_debugger, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE, + &kdb_break_to_debugger, 0, "Enable break to debugger"); TUNABLE_INT("debug.kdb.break_to_debugger", &kdb_break_to_debugger); -SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger, CTLTYPE_INT | - CTLFLAG_RW | CTLFLAG_TUN, &kdb_alt_break_to_debugger, 0, - "Enable alternative break to debugger"); +SYSCTL_INT(_debug_kdb, OID_AUTO, alt_break_to_debugger, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_TUN | CTLFLAG_SECURE, + &kdb_alt_break_to_debugger, 0, "Enable alternative break to debugger"); TUNABLE_INT("debug.kdb.alt_break_to_debugger", 
&kdb_alt_break_to_debugger); /* |
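Review bot: `debug.kdb.current`, visible as context at the top of this hunk, stays plain `CTLFLAG_RW` while every other writable debug.kdb node here gains `CTLFLAG_SECURE`, so the active debugger backend can still be switched after securelevel is raised. If that is intentional, a short comment above it would record the decision, e.g. `/* Backend selection is deliberately left writable at raised securelevel. */`; otherwise the flag belongs there too: `CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_SECURE, NULL,`. Separately, the flag only gates writes, so a `break_to_debugger` or `alt_break_to_debugger` value set through the loader tunable or before securelevel is raised stays in effect, and presumably can no longer be switched off afterwards. A comment next to the `TUNABLE_INT` lines stating this would help operators who rely on securelevel to keep the console out of the debugger.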