upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-24 18:30:55 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
284901 commits 29 branches 220 tags 2.1 GiB
Commit graph

6 commits

Author SHA1 Message Date
John Baldwin
3a3af6b2a1 mac_ddb: Fix the show rman validator. 
The validator always returned true due to an incorrect check.

Reviewed by:	mhorne, imp
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D36125
 2022-08-12 10:20:05 -07:00
Allan Jude
e89841f893 Revert "mac_ddb: Make db_show_vnet_valid() handle !VIMAGE" 
jhb@ already fixed this in a different way

Reported by: andrew

This reverts commit 3810b37903.
 2022-07-21 14:26:54 +00:00
Allan Jude
3810b37903 mac_ddb: Make db_show_vnet_valid() handle !VIMAGE 
Reported by:	kib
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
 2022-07-21 14:01:01 +00:00
John Baldwin
b43b8f8157 mac_ddb: Only include the vnet validator in VIMAGE kernels. 
This fixes the build of at least i386 MINIMAL which was failing with
the error:

sys/security/mac_ddb/mac_ddb.c:200:15: error: use of undeclared identifier 'vnet'; did you mean 'int'?
                if ((void *)vnet == (void *)addr)
                            ^~~~
                            int

Sponsored by:	DARPA
 2022-07-20 16:02:56 -07:00
Mitchell Horne
4e2121c10a mac_ddb: add some validation functions 
These global objects are easy to validate, so provide the helper
functions to do so and include these commands in the allow lists.

Reviewed by:	markj
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D35372
 2022-07-18 22:06:22 +00:00
Mitchell Horne
287d467c5d mac: add new mac_ddb(4) policy 
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.

However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.

This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
 - Those which are 'safe' and will not emit sensitive data (e.g. trace).
   Generally, these commands are deterministic and don't accept
   arguments.
 - Those which are definitively unsafe (e.g. examine <addr>, search
   <addr> <value>)
 - Commands which may be safe to execute depending on the arguments
   provided (e.g. show thread <addr>).

Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.

Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.

The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).

Reviewed by:	markj, pauamma_gundo.com (manpages)
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D35371
 2022-07-18 22:06:15 +00:00