diff options
Diffstat (limited to 'static/freebsd/man4/mac_ddb.4 3.html')
| -rw-r--r-- | static/freebsd/man4/mac_ddb.4 3.html | 80 |
1 files changed, 0 insertions, 80 deletions
diff --git a/static/freebsd/man4/mac_ddb.4 3.html b/static/freebsd/man4/mac_ddb.4 3.html deleted file mode 100644 index 14261b03..00000000 --- a/static/freebsd/man4/mac_ddb.4 3.html +++ /dev/null @@ -1,80 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MAC_DDB(4)</td> - <td class="head-vol">Device Drivers Manual</td> - <td class="head-rtitle">MAC_DDB(4)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">mac_ddb</code> — - <span class="Nd">Restricted kernel debugger interface policy</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp">To compile the ddb policy into your kernel, place the following - lines in your kernel configuration file:</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code> -<br/> -<code class="Cd">options MAC_DDB</code></div> -<p class="Pp">Alternately, to load the ddb module at boot time, place the - following line in your kernel configuration file:</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div> -<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>mac_ddb_load="YES"</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">mac_ddb</code> policy module implements a MAC - policy which restricts the set of commands that can be used at the - <a class="Xr">ddb(4)</a> command prompt. The subset of permitted commands is - limited to those which do not read or write to arbitrary memory locations. - This is done to deter the possible extraction of system secrets while still - allowing enough debugger functionality to diagnose a kernel panic. For - example, the <code class="Ic">trace</code> or <code class="Ic">show - registers</code> commands are allowed by this policy, but - <code class="Ic">show</code> <code class="Cm">buffer</code> - <var class="Ar">addr</var> is not.</p> -<p class="Pp">All debugger commands that are declared with the - <var class="Va">DB_CMD_MEMSAFE</var> flag are allowed by - <code class="Nm">mac_ddb</code>. The policy provides validation functions to - conditionally allow some additional commands, based on the user provided - arguments.</p> -<p class="Pp">When loaded, the <code class="Nm">mac_ddb</code> policy also - ensures that only the <a class="Xr">ddb(4)</a> debugger backend may be - executed; <a class="Xr">gdb(4)</a> may not.</p> -<section class="Ss"> -<h2 class="Ss" id="Label_Format"><a class="permalink" href="#Label_Format">Label - Format</a></h2> -<p class="Pp">No labels are defined for <code class="Nm">mac_ddb</code>.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">ddb(4)</a>, <a class="Xr">mac(4)</a>, - <a class="Xr">mac_biba(4)</a>, <a class="Xr">mac_bsdextended(4)</a>, - <a class="Xr">mac_ifoff(4)</a>, <a class="Xr">mac_lomac(4)</a>, - <a class="Xr">mac_mls(4)</a>, <a class="Xr">mac_none(4)</a>, - <a class="Xr">mac_partition(4)</a>, <a class="Xr">mac_portacl(4)</a>, - <a class="Xr">mac_seeotheruids(4)</a>, <a class="Xr">mac_test(4)</a>, - <a class="Xr">mac(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">While the MAC Framework design is intended to support the - containment of the root user, not all attack channels are currently - protected by entry point checks. As such, MAC Framework policies should not - be relied on, in isolation, to protect against a malicious privileged - user.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">June 29, 2022</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |