|| ||Anton Vorontsov <firstname.lastname@example.org> |
|| ||Jason Wessel <email@example.com> |
|| ||[PATCH 0/7] KDB: Kiosk (reduced capabilities) mode |
|| ||Thu, 26 Jul 2012 07:25:14 -0700|
|| ||Andrew Morton <firstname.lastname@example.org>,
Steven Rostedt <email@example.com>,
John Stultz <firstname.lastname@example.org>, email@example.com,
|| ||Article, Thread
Here is a patchset that implements "kiosk" mode for KDB debugger. The
mode provides reduced set of features, so that it is no longer possible
to leak sensitive data via the debugger, and not possible to change
program flow in a predefined manner.
The are two use-cases for the mode, one is evil, but another is quite
The evil use case is used by some (ahem) phone manufaturers that want
to have a debuging facilities on a production device, but still don't
want you to use the debugger to gain root access. I don't like locked
phones, and I would not touch this/get my hands dirty by implementing
the feature just for this evil (IMHO) use case.
But there is another non-evil use case: limitting access to public
devices, i.e. "kiosks", ATMs (is that too much?) or just public
computers w/ guest access. I can imagine that an administrator would
want to setup a kernel so that upon an oops (or a sysrq event) the
kernel would enter KDB, but at the same time, he would not want to
leak sensitive data from the PC by means of the debugger.
There are seven patches, the first five of them are just cleanups and
preparations. I believe these five patches are good even if not
considering the kiosk mode. And the rest of patches actually implement
the mode -- it is pretty straightforward.
Note that we might impelement the same mode for KGDB stub, but so far
we don't bother.
include/linux/kdb.h | 16 ++--
kernel/debug/kdb/kdb_bp.c | 35 ++++----
kernel/debug/kdb/kdb_main.c | 183 +++++++++++++++++++++-------------------
kernel/debug/kdb/kdb_private.h | 3 +-
kernel/trace/trace_kdb.c | 4 +-
5 files changed, 126 insertions(+), 115 deletions(-)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/