lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 19 Jun 2014 14:19:29 +0100
From:	Daniel Thompson <daniel.thompson@...aro.org>
To:	kgdb-bugreport@...ts.sourceforge.net,
	Jason Wessel <jason.wessel@...driver.com>
Cc:	Daniel Thompson <daniel.thompson@...aro.org>, patches@...aro.org,
	linaro-kernel@...ts.linaro.org, linux-kernel@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Jiri Slaby <jslaby@...e.cz>,
	Steven Rostedt <rostedt@...dmis.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...hat.com>,
	John Stultz <john.stultz@...aro.org>,
	Anton Vorontsov <anton.vorontsov@...aro.org>,
	Colin Cross <ccross@...roid.com>, kernel-team@...roid.com
Subject: [PATCH v5 0/8] kdb: Allow selective reduction in capabilities (was "kiosk mode")

This patchset implements restricted modes for the KDB debugger. It is a 
continuation of previous kiosk mode work of Anton Vorontsov. There are 
no outstanding review comments for this patchset.

It provides a means for the root user to choose the set of kdb commands
that are available on the kdb console. It is implemented similarly to
the existing code to mask the available magic SysRq commands with modes
for disable-all (0), enable-all(1) and a bitmask to enable/disable
groups of functionality.

The implementation of the mask check includes a feature to allow command
to change which group they belong to based on whether or not the command
has arguments (for example, go without arguments is a very safe command
whilst go with an argument allows arbitrary changes to the program
counter).

There are a few patches, some are just cleanups, some are churn-ish
cleanups, but inevitable. And the rest implements the mode -- after all
the preparations, everything is pretty straightforward. The first patch
is actually a pure bug fix (arguably unrelated to kiosk mode) but
collides with the code to honour the SysRq mask when capabilities are
restricted so I have included it here.

Changes since v4:
 * Rebase to 3.16rc1.
 * Drop patches to avoid deadlock on sysrq spin lock (Rik van Riel's
   984d74a... is a much better approach).

Changes since v3:
 * Rebase to latest mainline (3.15rc4).
 * Improved commenting on safety of calls to __handle_sysrq_nolock
 * Remove magic shift value in the command categorization values and
   expressed the flags using shifts to make code review of the defined
   shift value easier.

Changes since v2:
 * Fixed stupid build error when CONFIG_KDB[_KIOSK]_DEFAULT_ENABLE was not
   defined.
 * Increase flexibility by allowing the userspace greater control over the
   commands to be restricted.
 * Removed the "kiosk" terminology. Its confusing.

Changes since v1 (circa 2012):

 * ef (Display exception frame) is essentially an overly complex peek
   and has therefore been marked unsafe
 * bt (Stack traceback) has been marked safe only with no arguments
 * sr (Magic SysRq key) honours the sysrq mask when called in kiosk
   mode
 * Fixed over-zealous blocking of macro commands
 * Symbol lookup is forbidden by kdbgetaddrarg (more robust, better 
   error reporting to user)
 * Fix deadlock in sr (Magic SysRq key)
 * Better help text in kiosk mode
 * Default (kiosk on/off) can be changed From the config file.

Anton Vorontsov (6):
  kdb: Remove currently unused kdbtab_t->cmd_flags
  kdb: Rename kdb_repeat_t to kdb_cmdflags_t, cmd_repeat to cmd_flags
  kdb: Rename kdb_register_repeat() to kdb_register_flags()
  kdb: Use KDB_REPEAT_* values as flags
  kdb: Remove KDB_REPEAT_NONE flag
  kdb: Add enable mask for groups of commands

Daniel Thompson (2):
  kdb: Categorize kdb commands (similar to SysRq categorization)
  kdb: Allow access to sensitive commands to be restricted by default

 include/linux/kdb.h            |  62 ++++++++--
 kernel/debug/kdb/kdb_bp.c      |  37 +++---
 kernel/debug/kdb/kdb_main.c    | 263 ++++++++++++++++++++++++++---------------
 kernel/debug/kdb/kdb_private.h |   3 +-
 kernel/trace/trace_kdb.c       |   4 +-
 lib/Kconfig.kgdb               |  25 ++++
 6 files changed, 271 insertions(+), 123 deletions(-)

-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists