Module Name:    src
Committed By:   snj
Date:           Thu Apr 12 20:09:38 UTC 2018

Modified Files:
        src/sys/secmodel/extensions [netbsd-8]: secmodel_extensions.c

Log Message:
Pull up following revision(s) (requested by kamil in ticket #713):
        sys/secmodel/extensions/secmodel_extensions.c: 1.8
Add new sysctl(3) entry: security.models.extensions.user_set_dbregs
Model this new sysctl(3) entry after "user_set_cpu_affinity" in the same
level of sysctl(3) switches.
Allow to read unconditionally Debug Registers (no change here). This is
convenient as even if a user of a debugger does not use hardware assisted
watchpoints/breakpoints, a debugger can still prompt these values to store
in an internal cache with context of registers. Reading them should have
no security concerns.
Add a paranoid MI switch that, by default, prohibits a regular user
(non-superuser) from setting these registers. This switch is disabled by default.
There are enough reserved bits out there to allow using them
unconditionally on hardened hosts.
Features shipped with Debug Registers are optional features in debuggers.
There is no reduction in elementary functionality.
Reviewed by <christos>
Sponsored by <The NetBSD Foundation>


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.10.1 \
    src/sys/secmodel/extensions/secmodel_extensions.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/extensions/secmodel_extensions.c
diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.7 src/sys/secmodel/extensions/secmodel_extensions.c:1.7.10.1
--- src/sys/secmodel/extensions/secmodel_extensions.c:1.7	Sat Dec 12 14:57:52 2015
+++ src/sys/secmodel/extensions/secmodel_extensions.c	Thu Apr 12 20:09:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.7.10.1 2018/04/12 20:09:38 snj Exp $ */
 /*-
  * Copyright (c) 2011 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.7 2015/12/12 14:57:52 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.7.10.1 2018/04/12 20:09:38 snj Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -38,6 +38,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_ext
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/proc.h>
+#include <sys/ptrace.h>
 #include <sys/module.h>
 
 #include <secmodel/secmodel.h>
@@ -49,6 +50,10 @@ static int dovfsusermount;
 static int curtain;
 static int user_set_cpu_affinity;
 
+#ifdef PT_SETDBREGS
+int user_set_dbregs;
+#endif
+
 static kauth_listener_t l_system, l_process, l_network;
 
 static secmodel_t extensions_sm;
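Review bot: `user_set_dbregs` is declared without `static`, unlike `curtain` and `user_set_cpu_affinity` just above it, so it gets external linkage, yet nothing in this diff reads it. Presumably the authorization check for PT_SETDBREGS lives in another file; since this pull-up lists only secmodel_extensions.c, it is worth confirming that the consumer is also on the branch, otherwise the sysctl has no effect. If it is read elsewhere, a declaration in a shared header is safer than an ad hoc `extern` in the consumer. Once confirmed, a comment such as `/* not static: read by the PT_SETDBREGS authorization check; 0 = superuser only */` would record why it differs from its neighbours.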
@@ -135,6 +140,17 @@ sysctl_security_extensions_setup(struct 
 		       &user_set_cpu_affinity, 0,
 		       CTL_CREATE, CTL_EOL);
 
+#ifdef PT_SETDBREGS
+	sysctl_createv(clog, 0, &rnode, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "user_set_dbregs",
+		       SYSCTL_DESCR("Whether unprivileged users may set "\
+		       		    "CPU Debug Registers."),
+		       sysctl_extensions_user_handler, 0,
+		       &user_set_dbregs, 0,
+		       CTL_CREATE, CTL_EOL);
+#endif
+
 	/* Compatibility: vfs.generic.usermount */
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
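Review bot: The new node is `CTLFLAG_READWRITE` and relies on `sysctl_extensions_user_handler` to constrain writes, but that handler's body is outside this hunk, so it is not visible here whether the value can be raised from 0 to 1 on a running hardened host. Since 1 lets unprivileged users set debug registers, it is worth confirming the handler refuses to raise the value at an elevated securelevel, and stating the semantics next to the call, e.g. `/* 0 (default): only the superuser may set debug registers */`. The `\` after `"Whether unprivileged users may set "` is unnecessary, since adjacent string literals concatenate without it. The enclosing function starts and ends outside the hunk.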
@@ -250,6 +266,9 @@ secmodel_extensions_init(void)
 
 	curtain = 0;
 	user_set_cpu_affinity = 0;
+#ifdef PT_SETDBREGS
+	user_set_dbregs = 0;
+#endif
 }
 
 static void
