#
fa9896e0 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
#
287d467c |
|
18-Jul-2022 |
Mitchell Horne <mhorne@FreeBSD.org> |
mac: add new mac_ddb(4) policy Generally, access to the kernel debugger is considered to be unsafe from a security perspective since it presents an unrestricted interface to inspect or modify the system state, including sensitive data such as signing keys. However, having some access to debugger functionality on production systems may be useful in determining the cause of a panic or hang. Therefore, it is desirable to have an optional policy which allows limited use of ddb(4) while disabling the functionality which could reveal system secrets. This loadable MAC module allows for the use of some ddb(4) commands while preventing the execution of others. The commands have been broadly grouped into three categories: - Those which are 'safe' and will not emit sensitive data (e.g. trace). Generally, these commands are deterministic and don't accept arguments. - Those which are definitively unsafe (e.g. examine <addr>, search <addr> <value>) - Commands which may be safe to execute depending on the arguments provided (e.g. show thread <addr>). Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag. Commands requiring extra validation can provide a function to do so. For example, 'show thread <addr>' can be used as long as addr can be checked against the system's list of process structures. The policy also prevents debugger backends other than ddb(4) from executing, for example gdb(4). Reviewed by: markj, pauamma_gundo.com (manpages) Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D35371
|
#
7fc6a8ae |
|
18-Jun-2011 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Correct subcommand name 'unset' -> 'unscript'.
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
138f7e4b |
|
24-Dec-2008 |
Tom Rhodes <trhodes@FreeBSD.org> |
Apply various fixes: Silence mdoc(7) warnings; Xref correct manual pages; Point user to the ddb.8 manual page. PR: 129398 Submitted by: gavin
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
1492a260 |
|
03-Aug-2008 |
Robert Watson <rwatson@FreeBSD.org> |
DDB scripting, textdumps, output capture, etc, all will appear in FreeBSD 7.1 before 8.0 ships. Spotted by: Ulrich Spoerlein <uspoerlein at gmail dot com> MFC after: 3 days
|
#
06934245 |
|
25-Apr-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Add "ddb capture print" and "ddb capture status" commands do ddb(8), alowing the DDB output capture buffer to be easily extracted from user space. Both of these commands include -M/-N arguments, allowing them to be used with kernel crash dumps (or /dev/mem). This makes it easier to use DDB scripting and output capture with minidumps or full dumps rather than with text dumps, allowing DDB output (scripted or otherwise) to be easily extracted from a crash dump. MFC after: 1 week Discussed with: brooks, jhb
|
#
85018ba5 |
|
04-Apr-2008 |
Ruslan Ermilov <ru@FreeBSD.org> |
- Normalize usage(), add "ddb pathname" syntax. - Revise the manpage.
|
#
14084ab9 |
|
05-Mar-2008 |
Brooks Davis <brooks@FreeBSD.org> |
Add the ability to read a file of commands to ddb(8) modeled after the feature in ipfw(8).
|
#
9f583488 |
|
25-Dec-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Minor formatting tweaks. Point at ddb(4) and textdump(4) man pages for more script examples. MFC after: 3 months
|
#
a1f25b0d |
|
26-Dec-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Add command-line tool ddb(8), which allows DDB(4) scripts to be managed from userspace. It is largely a wrapper for sysctl() calls, but because the sysctls for adding and removing scripts are awkward to use directly, this provides an easier-to-use interface. MFC after: 3 months
|