On 22/01/20(Wed) 14:56, Theo de Raadt wrote:
> Todd C. Miller <[email protected]> wrote:
>
> > On Wed, 22 Jan 2020 15:12:25 +0100, Martin Pieuchot wrote:
> >
> > > dt(4) is a debugging interface that allows userland to read kernel
> > > addresses. So its access should be restricted by default, just like
> > > mem(4).
> > >
> > > Diff prevents opening the pseudo-device unless `allowkmem' is set.
> >
> > Does it really make sense to reuse `allowkmem' for this? This will
> > mean that in order to use dt(4) you also have to open up mem(4).
> > I don't think that is desirable.
>
> The things you can learn via dt are a strong inspection window into
> kmem. I think it's stronger than immediately obvious.
>
> > If you want to disable dt(4) by default I think you are better off
> > using a new sysctl knob.
>
> I'm on the fence about it. But it is small, so I think allowdt is
> better.
Sure! Diff below does that, ok?
Index: dev/dt/dt_dev.c
===================================================================
RCS file: /cvs/src/sys/dev/dt/dt_dev.c,v
retrieving revision 1.1
diff -u -p -r1.1 dt_dev.c
--- dev/dt/dt_dev.c 21 Jan 2020 16:16:23 -0000 1.1
+++ dev/dt/dt_dev.c 23 Jan 2020 08:56:00 -0000
@@ -132,6 +132,10 @@ dtopen(dev_t dev, int flags, int mode, s
{
struct dt_softc *sc;
int unit = minor(dev);
+ extern int allowdt;
+
+ if (!allowdt)
+ return EPERM;
KASSERT(dtlookup(unit) == NULL);
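Review bot: The block-scope `extern int allowdt;` in dtopen() is never checked by the compiler against the definition in kern/kern_sysctl.c, so a later type change there would go unnoticed; declaring it once in a shared header would keep the type in one place. The gate also runs only at open time, so as far as this hunk shows, a descriptor obtained while allowdt was set presumably stays usable after the knob is cleared. A comment would state the intent, for example `/* dt(4) exposes kernel addresses: refuse new opens unless allowdt is set */`. dtopen()'s body continues outside the hunk.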
Index: kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.369
diff -u -p -r1.369 kern_sysctl.c
--- kern/kern_sysctl.c 2 Jan 2020 08:52:53 -0000 1.369
+++ kern/kern_sysctl.c 23 Jan 2020 08:54:12 -0000
@@ -129,6 +129,7 @@ extern int audio_record_enable;
#endif
int allowkmem;
+int allowdt;
int sysctl_diskinit(int, struct proc *);
int sysctl_proc_args(int *, u_int, void *, size_t *, struct proc *);
@@ -358,12 +359,14 @@ kern_sysctl(int *name, u_int namelen, vo
return (EPERM);
securelevel = level;
return (0);
+ case KERN_ALLOWDT:
+ if (securelevel > 0)
+ return (sysctl_rdint(oldp, oldlenp, newp, allowdt));
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &allowdt));
case KERN_ALLOWKMEM:
if (securelevel > 0)
- return (sysctl_rdint(oldp, oldlenp, newp,
- allowkmem));
- return (sysctl_int(oldp, oldlenp, newp, newlen,
- &allowkmem));
+ return (sysctl_rdint(oldp, oldlenp, newp, allowkmem));
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &allowkmem));
case KERN_HOSTNAME:
error = sysctl_tstring(oldp, oldlenp, newp, newlen,
hostname, sizeof(hostname));
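Review bot: Once securelevel is above 0, the new `KERN_ALLOWDT` case goes through the read-only helper `sysctl_rdint`, so it appears to refuse a write that would clear allowdt as well as one that would set it. A host booted with the knob enabled then cannot close the dt(4) window without a reboot. If that is intended for parity with `KERN_ALLOWKMEM`, a comment such as `/* read-only once securelevel is raised, same policy as allowkmem */` would record the decision. The diff as posted touches no manual page, so the new knob and its securelevel interaction are undocumented for administrators. The re-wrapping of the `KERN_ALLOWKMEM` returns is unrelated whitespace churn that would be easier to review as a separate change.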
Index: sys/sysctl.h
===================================================================
RCS file: /cvs/src/sys/sys/sysctl.h,v
retrieving revision 1.199
diff -u -p -r1.199 sysctl.h
--- sys/sysctl.h 24 Dec 2019 13:13:54 -0000 1.199
+++ sys/sysctl.h 23 Jan 2020 08:55:26 -0000
@@ -165,7 +165,7 @@ struct ctlname {
#define KERN_SHMINFO 62 /* struct: SysV struct shminfo
*/
#define KERN_INTRCNT 63 /* node: interrupt counters */
#define KERN_WATCHDOG 64 /* node: watchdog */
-/* was KERN_EMUL 65 */
+#define KERN_ALLOWDT 65 /* int: allowdt */
#define KERN_PROC 66 /* struct: process entries */
#define KERN_MAXCLUSTERS 67 /* number of mclusters */
#define KERN_EVCOUNT 68 /* node: event counters */
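Review bot: `KERN_ALLOWDT` takes over number 65, which the removed comment shows was `KERN_EMUL`, so any stale or out-of-tree binary that still passes 65 will now reach the allowdt case in kern_sysctl() instead of an unused slot. The risk looks low because the value is only writable at securelevel <= 0, but the reuse is worth recording in the comment, for example `#define KERN_ALLOWDT 65 /* int: allowdt (slot was KERN_EMUL) */`. The name-table hunk that follows replaces `{ "gap", 0 }` at the same index and has to stay aligned with this number.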
@@ -257,7 +257,7 @@ struct ctlname {
{ "shminfo", CTLTYPE_STRUCT }, \
{ "intrcnt", CTLTYPE_NODE }, \
{ "watchdog", CTLTYPE_NODE }, \
- { "gap", 0 }, \
+ { "allowdt", CTLTYPE_INT }, \
{ "proc", CTLTYPE_STRUCT }, \
{ "maxclusters", CTLTYPE_INT }, \
{ "evcount", CTLTYPE_NODE }, \