feat: Added FreeBSD man pages

1 files changed, 108 insertions, 0 deletions

diff --git a/static/freebsd/man4/mac_ddb.4 b/static/freebsd/man4/mac_ddb.4
new file mode 100644
index 00000000..5127fa78
--- /dev/null
+++ b/static/freebsd/man4/mac_ddb.4
@@ -0,0 +1,108 @@
+.\" Copyright (c) 2022 Klara Systems
+.\"
+.\" This software was developed by Mitchell Horne <mhorne@FreeBSD.org>
+.\" under sponsorship from Juniper Networks and Klara Systems.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd June 29, 2022
+.Dt MAC_DDB 4
+.Os
+.Sh NAME
+.Nm mac_ddb
+.Nd "Restricted kernel debugger interface policy"
+.Sh SYNOPSIS
+To compile the ddb policy
+into your kernel, place the following lines in your kernel
+configuration file:
+.Bd -ragged -offset indent
+.Cd "options MAC"
+.Cd "options MAC_DDB"
+.Ed
+.Pp
+Alternately, to load the ddb module at boot time, place the following line
+in your kernel configuration file:
+.Bd -ragged -offset indent
+.Cd "options MAC"
+.Ed
+.Pp
+and in
+.Xr loader.conf 5 :
+.Bd -literal -offset indent
+mac_ddb_load="YES"
+.Ed
+.Sh DESCRIPTION
+The
+.Nm
+policy module implements a MAC policy which restricts the set of commands that
+can be used at the
+.Xr ddb 4
+command prompt.
+The subset of permitted commands is limited to those which do not read or write
+to arbitrary memory locations.
+This is done to deter the possible extraction of system secrets while still
+allowing enough debugger functionality to diagnose a kernel panic.
+For example, the
+.Ic trace
+or
+.Ic show registers
+commands are allowed by this policy, but
+.Ic show Cm buffer Ar addr
+is not.
+.Pp
+All debugger commands that are declared with the
+.Va DB_CMD_MEMSAFE
+flag are allowed by
+.Nm .
+The policy provides validation functions to conditionally allow some additional
+commands, based on the user provided arguments.
+.Pp
+When loaded, the
+.Nm
+policy also ensures that only the
+.Xr ddb 4
+debugger backend may be executed;
+.Xr gdb 4
+may not.
+.Ss Label Format
+No labels are defined for
+.Nm .
+.Sh SEE ALSO
+.Xr ddb 4 ,
+.Xr mac 4 ,
+.Xr mac_biba 4 ,
+.Xr mac_bsdextended 4 ,
+.Xr mac_ifoff 4 ,
+.Xr mac_lomac 4 ,
+.Xr mac_mls 4 ,
+.Xr mac_none 4 ,
+.Xr mac_partition 4 ,
+.Xr mac_portacl 4 ,
+.Xr mac_seeotheruids 4 ,
+.Xr mac_test 4 ,
+.Xr mac 9
+.Sh BUGS
+While the MAC Framework design is intended to support the containment of
+the root user, not all attack channels are currently protected by entry
+point checks.
+As such, MAC Framework policies should not be relied on, in isolation,
+to protect against a malicious privileged user.