Date:      Sat, 24 Feb 2024 00:15:34 +0100 (CET)
From:      henrichhartzer@tuta.io
To:        Vincent Stemen <vince.bsd@hightek.org>
Cc:        Freebsd Stable <freebsd-stable@freebsd.org>
Subject:   Re: gpart device permissions security hole (/dev/geom.ctl)
Message-ID:  <NrNF9nW--3-9@tuta.io>
In-Reply-To: <Zde7TAehUyMvDQ5F@marble.hightek.org>
References:  <ZdE2Hm6y5Fel2etP@marble.hightek.org> <slrnutei1n.1ebh.pmc@disp.intra.daemon.contact> <Zde7TAehUyMvDQ5F@marble.hightek.org>

I agree that this doesn't make much sense. Read-only access should not imply any kind of writing functionality.

What would it take to change this? I'm not familiar enough to say.

Thanks for posting, Vincent!

-Henrich

Feb 22, 2024, 21:23 by vince.bsd@hightek.org:

> On Thu, Feb 22, 2024 at 01:12:23PM -0000, Peter 'PMc' Much wrote:
>
>> On 2024-02-17, Vincent Stemen <vince.bsd@hightek.org> wrote:
>> >
>> > I have been a Unix systems administrator for well over 35 years and it's not
>> > uncommon for administrators to belong to the operator group for restricted
>> > admin tasks.  It is completely unexpected to discover the user can wipe out
>> > the whole system.
>>
>> Removing the number plate from your house doesn't destroy the house.
>> It only might stop it from being accessed by people.
>>
>
> BTW, correction to my original statement.  The operator can only modify
> unmounted partitions.  So any unmounted partitions or partitioned drives
> on standby for failover, backups, etc, can have their partitions deleted
> or changed, which will certainly stop access to the data on those
> devices.
>
> So stopping access to your data isn't much different than destroying it
> if you can never find it again.  If you have a house somewhere in the
> country, with no address, other than perhaps what state it is in (which
> drive), have fun finding it.   So your analogy is a distinction without
> a difference.  Not only that, if the partition table gets modified
> without the sys-admin realizing it, and it gets written to, it most
> certainly can destroy the data.
>
> The way it is currently, there is apparently no way to grant individual
> permissions to a user, through the operator or any other group to, for
> example, partition a thumb drive, because permission to modify
> partitions is controlled for all geom devices via the one /dev/geom.ctl
> file. 
>
> We also discussed this issue more extensively in the forum.
> https://forums.freebsd.org/threads/gpart-device-permissions-security-hole-dev-geom-ctl.92397/
>

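An added check, written for this archive page and not code from the thread, from FreeBSD, or from the forum discussion linked above: a POSIX sh script that answers, for a given account, whether it can open /dev/geom.ctl at all. It assumes what the thread implies, namely that a read-only open of that single control node is enough to issue GEOM control requests (so "readable" here means "gpart(8) write operations on unmounted providers are reachable"), and the live probe assumes FreeBSD stat(1) with its -f format strings (%OLp, %Su, %Sg). The function names, the sample users and the sample modes are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD itself.
# Question: can account USER open /dev/geom.ctl?  The thread's point (and this
# script's assumption) is that a read-only open of that one node is enough to
# issue GEOM control requests, so "can open" means "gpart(8) write operations
# against any unmounted provider are reachable for that account".

# can_open_geom_ctl MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
#   MODE is the octal permission bits (640 and 0640 are both accepted).
#   Returns 0 if USER can open the node for reading, 1 otherwise.
#   Mirrors the classic DAC rule: owner bits if owner, else group bits if a
#   member of the group, else other bits; root bypasses the check.
can_open_geom_ctl() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5
    # keep only the last three octal digits (user/group/other)
    mode=${mode#"${mode%???}"}
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${rest#?}
    [ "$user" = root ] && return 0
    if [ "$user" = "$owner" ]; then
        bits=$u
    else
        bits=$o
        for grp in $groups; do
            [ "$grp" = "$group" ] && bits=$g
        done
    fi
    # read permission is the 4 bit of the selected octal digit
    if [ $((bits & 4)) -ne 0 ]; then return 0; else return 1; fi
}

# audit_geom_ctl [USER]  - inspect the real node on a FreeBSD host.
# Uses FreeBSD stat(1) format strings: %OLp = octal low permission bits,
# %Su / %Sg = owner and group names.  Returns 2 when the node is absent
# (for example when run on a non-FreeBSD box).
audit_geom_ctl() {
    dev=/dev/geom.ctl
    user=${1:-$(id -un)}
    if [ ! -e "$dev" ]; then
        echo "$dev not present; nothing to audit" >&2
        return 2
    fi
    set -- $(stat -f '%OLp %Su %Sg' "$dev")
    echo "$dev mode=$1 owner=$2 group=$3; $user groups: $(id -Gn "$user")"
    if can_open_geom_ctl "$1" "$2" "$3" "$user" "$(id -Gn "$user")"; then
        echo "$user CAN open $dev -> gpart write requests are reachable"
        return 0
    fi
    echo "$user cannot open $dev"
    return 1
}

# Only probe the live node when it exists; the pure check above runs anywhere.
if [ -e /dev/geom.ctl ]; then
    audit_geom_ctl "$@"
fi
```

Run it as `sh geomctl-audit.sh someuser` on the host in question. The script only tells you whether the control node is reachable for that account; which individual gpart requests then succeed (the thread notes that only unmounted providers can be modified) is a separate question, and the answer is the same for every geom device because there is only the one node.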
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NrNF9nW--3-9>