From owner-freebsd-current@FreeBSD.ORG  Mon Apr  4 03:05:25 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 86B9D16A4CE; Mon,  4 Apr 2005 03:05:25 +0000 (GMT)
Received: from cain.gsoft.com.au (cain.gsoft.com.au [203.31.81.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9B4AA43D39; Mon,  4 Apr 2005 03:05:24 +0000 (GMT)
	(envelope-from doconnor@gsoft.com.au)
Received: from inchoate.gsoft.com.au (localhost [127.0.0.1])
	(authenticated bits=0)
	by cain.gsoft.com.au (8.12.11/8.12.10) with ESMTP id j3435Hp0025204;
	Mon, 4 Apr 2005 12:35:17 +0930 (CST)
	(envelope-from doconnor@gsoft.com.au)
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: Andrey Chernov <ache@nagual.pp.ru>
Date: Mon, 4 Apr 2005 12:35:15 +0930
User-Agent: KMail/1.8
References: <20050403232027.GA42574@nagual.pp.ru>
	<200504041145.25265.doconnor@gsoft.com.au>
	<20050404025705.GA48464@nagual.pp.ru>
In-Reply-To: <20050404025705.GA48464@nagual.pp.ru>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2625569.ZYAPpXyHc1";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200504041235.15749.doconnor@gsoft.com.au>
X-Spam-Score: -2.2 ()
	IN_REP_TO,MIME_LONG_LINE_QP,PGP_SIGNATURE_2,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01,USER_AGENT
X-Scanned-By: MIMEDefang 2.16 (www . roaringpenguin . com / mimedefang)
cc: phk@FreeBSD.ORG
cc: current@FreeBSD.ORG
Subject: Re: Can't change partition table anymore
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2005 03:05:25 -0000

--nextPart2625569.ZYAPpXyHc1
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Mon, 4 Apr 2005 12:27, Andrey Chernov wrote:
> On Mon, Apr 04, 2005 at 11:45:17AM +0930, Daniel O'Connor wrote:
> > Altering the MBR while you have a partition mounted is potentially quite
> > dangerous.
>
> Don't say "dangerous" for _root_ user. Is there any purpose left for being
> root anymore? According to your logic, all root operations should be
> disabled by some unknown undocumented sysctls because it is too dangerous
> to be the root. Better kill yourself than to be the root.

Why chflags noschg libc and the kernel then?
Why have any warnings on anything?

> > The reason it was possible in the past was because there was no
> > protection against this kind of thing.
>
> Does anybody asks for protection here? It was not me. It was not majority
> of Unix sysadmins. Such kind of protection should be turned off by default
> in case it even exists as the toy for some paranoid people.

I'm not sure that is the case.

> > Use boot0cfg and the FreeBSD bootloader instead?
>
> boot0cfg not works (I assume the reason is the same).
>
> I can't write FreeBSD bootloader because reinstalled Windows overwrite it
> with standard MBR and sysinstall don't allow to write bootloader anymore.
> The only thing I not try yet in that situation was 'dd' - I was too lasy
> to find needed byte.

Strange, I can run boot0cfg fine here..

[inchoate 12:34] ~ >sudo boot0cfg -Bv -o nopacket /dev/ad0
#   flag     start chs   type       end chs       offset         size
1   0x00      0:  1: 1   0x06     63: 11:63           63        64197
2   0x00      4:  0: 1   0x0f    891:254:63        64260     30716280
3   0x80    892:  0: 1   0xa5    127:254:63     30780540     86429700

version=3D1.0  drive=3D0x80  mask=3D0xf  ticks=3D182
options=3Dnopacket,update,nosetdrv
default_selection=3DF1 (Slice 1)

[inchoate 12:34] ~ >sudo boot0cfg -Bv -o packet /dev/ad0
#   flag     start chs   type       end chs       offset         size
1   0x00      0:  1: 1   0x06     63: 11:63           63        64197
2   0x00      4:  0: 1   0x0f    891:254:63        64260     30716280
3   0x80    892:  0: 1   0xa5    127:254:63     30780540     86429700

version=3D1.0  drive=3D0x80  mask=3D0xf  ticks=3D182
options=3Dpacket,update,nosetdrv
default_selection=3DF1 (Slice 1)

[inchoate 12:34] ~ >uname -a
=46reeBSD inchoate.localdomain 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Thu Mar =
31 11:28:52 CST 2005     darius@inchoate.localdomain:/usr/src/sys/i386/comp=
ile/INCHOATE  i386

[inchoate 12:34] ~ >mount
/dev/ad0s3a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s3e on /usr (ufs, local, soft-updates)
/dev/ad0s3d on /var (ufs, local, soft-updates)
procfs on /proc (procfs, local)
linprocfs on /usr/compat/linux/proc (linprocfs, local)

=2D-=20
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

--nextPart2625569.ZYAPpXyHc1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBCUK7r5ZPcIHs/zowRAj3zAJ9kSVpA+C5TZH9Nz0Rx2jtwWFA4DwCfaKDa
CIiNoorAZBIjKuY+6jeN/vc=
=sIDT
-----END PGP SIGNATURE-----

--nextPart2625569.ZYAPpXyHc1--