From: Vladimir Sharun
Date: Mon, 26 May 2014 16:31:36 +0300
To: Current FreeBSD
Subject: gpart destroy, zpool destroy, zfs destroy under securelevel 3
Message-Id: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com>
List-Id: Discussions about the use of FreeBSD-current

Hello FreeBSD community,

I recently played with securelevel, and here is what I discovered: there is no chance for data to survive against remote root, except backups of course.

Maybe this log can be a proposal for raising securelevel further, or to include securelevel support against the software which can deal with zfs and GEOM labels?

root@tests:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@tests:~ # gpart show ada3
gpart: No such geom: ada3.
root@tests:~ # gpart create -s gpt /dev/ada3
ada3 created
root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3
ada3p1 added
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)

root@tests:~ # zpool create testpool /dev/gpt/testdisk
root@tests:~ # zpool status testpool
  pool: testpool
 state: ONLINE
  scan: none requested
config:

        NAME            STATE     READ WRITE CKSUM
        testpool        ONLINE       0     0     0
          gpt/testdisk  ONLINE       0     0     0

errors: No known data errors
root@tests:~ # zfs create testpool/test1
root@tests:~ # zfs list | grep test
system/test2     144K  1.78T   144K  none
testpool         150K   913G    32K  /testpool
testpool/test1    31K   913G    31K  /testpool/test1
root@tests:~ # zfs create testpool/test1
root@tests:~ # zpool destroy testpool
root@tests:~ # zpool status testpool
cannot open 'testpool': no such pool
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)

root@tests:~ # gpart delete -i 1 /dev/ada3
ada3p1 deleted
root@tests:~ # gpart destroy /dev/ada3
ada3 destroyed
root@tests:~ # gpart show /dev/ada3
gpart: No such geom: /dev/ada3.
root@tests:~ # sysctl kern.securelevel
kern.securelevel: 3