DDB/securelevel

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Date: Sat, 30 Aug 1997 09:06:19 -0400 (EDT)
From: Brian Mitchell <brian () firehouse net>
To: freebsd-security () FreeBSD ORG
Subject: DDB/securelevel

DDB is the kernel debugger. It lets you debug the kernel upon a
panic or when you wish to enter it via a key sequence on the
console. There appears to be a slight problem though, you can
use DDB to lower the securelevel of the system. The following
shows one example:

# sysctl -w kern.securelevel=10
kern.securelevel: 0 -> 10
# Debugger("manual escape to debugger")
Stopped at      _Debugger+0x35: movb    $0,_in_Debugger.118
db> write securelevel 0
_securelevel                 0xa        =              0
db> cont

# sysctl kern.securelevel
kern.securelevel: 0
#

The most straightforward solution to this is to simply not allow
DDB to be run when securelevel > 0. Enclosed is a simple patch
against 2.2.1 to do this.


*** i386/i386/db_interface.c    Sat Aug 30 08:57:36 1997
--- i386/i386/db_interface.c.new        Sat Aug 30 09:00:43 1997
***************
*** 241,246 ****
--- 241,256 ----

        /*
         * XXX
+        * Do nothing if the securelevel is > 0. The justification
+        * being that DDB can be used to lower the securelevel, so
+        * if we run > 0, we should not be able to run DDB at all.
+        * Modifying DDB to be securelevel friendly is not an option.
+        */
+       if(securelevel > 0)
+               return;
+
+       /*
+        * XXX
         * Do nothing if the console is in graphics mode.  This is
         * OK if the call is for the debugger hotkey but not if the call
         * is a weak form of panicing.

Brian Mitchell                                  brian () firehouse net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt (OpenBSD President)