From: "Andrey V. Elsukov"
Date: Thu, 29 May 2014 13:28:39 +0400
To: Vladimir Sharun, Current FreeBSD
Subject: Re: gpart destroy, zpool destroy, zfs destroy under securelevel 3
Message-ID: <5386FDC7.3020806@yandex.ru>
In-Reply-To: <1401353579.467560473.vpvuu1e5@frv45.fwdcdn.com>
List-Id: Discussions about the use of FreeBSD-current

On 29.05.2014 12:56, Vladimir Sharun wrote:
> Hello,
>
>> if you have root privileges you can just write some random bytes in some
>> places and this will be enough to break your system. So, restricting
>> some gpart's or zpool's actions depending on securelevel looks like
>> protection from kids.
>
> Having root under securelevel 3 confirmed disallows you to:
> 1) Direct write to the block devices such as (a)da
> 2) Change rules and/or shut down pf
> 3) Remove system flags such as schg, sunlnk
>
> I think your statement is true in case of securelevel -1, we're talking about
> the highest one - 3, which is shown in logs.

Ok, you are right. But geom_dev restricts access only from user level
applications. When a GEOM object does access directly via GEOM methods,
this protection won't work. And it seems it isn't easy to fix, all
classes should have their own check.

-- 
WBR, Andrey V. Elsukov
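
The gap described in the reply above, sketched as an added example that is not part of the original message and is not FreeBSD kernel code: a userland C model in which the device-node path enforces the securelevel check while a class's control path reaches the provider without passing through it. All identifiers (`seclevel_ge`, `dev_open_write`, `class_a`, `class_b`, `audit_unprotected`) are hypothetical, and the write-lock threshold of 2 is an assumption of the model.

```c
/* Userland model only; every identifier here is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

static int model_securelevel = 3;   /* stands in for kern.securelevel */
#define WRITE_LOCK_LEVEL 2          /* assumed level at which disk writes are refused */
struct provider { bool modified; };

/* EPERM when the modelled securelevel is at or above `level`, else 0. */
static int seclevel_ge(int level) { return model_securelevel >= level ? EPERM : 0; }

/* Path 1: userland opens the device node for writing; the dev layer checks. */
static int dev_open_write(struct provider *pp) {
    int error = seclevel_ge(WRITE_LOCK_LEVEL);
    if (error == 0) pp->modified = true;
    return error;
}

/* Path 2: a class handles a control request itself; the dev layer is not involved. */
static int ctl_no_check(struct provider *pp) { pp->modified = true; return 0; }
/* Path 2 with the per-class check the reply says every class would need. */
static int ctl_own_check(struct provider *pp) {
    int error = seclevel_ge(WRITE_LOCK_LEVEL);
    if (error == 0) pp->modified = true;
    return error;
}

struct geom_class_model { const char *name; int (*ctl)(struct provider *); };
static const struct geom_class_model classes[] = {
    { "class_a", ctl_no_check }, { "class_b", ctl_own_check },
};

/* Count classes whose control path still modifies a provider at `level`. */
static int audit_unprotected(int level) {
    int n = 0;
    model_securelevel = level;
    for (size_t i = 0; i < sizeof(classes) / sizeof(classes[0]); i++) {
        struct provider pp = { false };
        if (classes[i].ctl(&pp) == 0 && pp.modified) {
            printf("%s: control path writes at securelevel %d\n", classes[i].name, level);
            n++;
        }
    }
    return n;
}

int main(void) {
    struct provider pp = { false };
    int refused = dev_open_write(&pp);  /* securelevel starts at 3 */
    return (refused == EPERM && audit_unprotected(3) == 1) ? 0 : 1;
}
```

Running the audit at the raised level lists only the class without its own check, which is the per-class coverage problem the reply points out.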