Subject: Re: smartmontools and kern.securelevel
From: Ben RUBSON
Date: Fri, 23 Feb 2018 17:46:10 +0100
To: Warner Losh
Cc: Freebsd fs, FreeBSD-scsi
Message-Id: <4C1D44AF-8247-4601-A39C-A8C0A5C8CBD8@gmail.com>
References: <0985ABD3-D141-4EE2-B1B3-3016B16E2B68@gmail.com>

On 23 Feb 2018, Warner Losh wrote:

> On Fri, Feb 23, 2018 at 8:20 AM, Ben RUBSON wrote:
>
>> Hi,
>>
>> I run smartmontools on my storage servers, to launch periodic disk tests
>> and alert on disk errors.
>>
>> Unfortunately, if we set sysctl kern.securelevel >=2, smartmontools does
>> not work anymore.
>> Certainly because it needs to write directly to raw devices.
>> (details of the levels, -1 to 3, in security(7))
>>
>> Any workaround to this?
>>
>> Perhaps we could think about allowing SMART commands to be written to
>> disks when sysctl kern.securelevel >=2?
>> (I assume smartmontools writes SMART commands)
>
> Sending raw disk commands is inherently insecure. It's hard to create a
> list of those commands that are OK because of the complexity and
> diversity of the needed functionality. That complexity also makes it hard
> to put the commands into a series of ioctls which could be made more
> secure.

Thank you for your feedback Warner.

Can't all SMART commands be easily identified among the others?
(when a command arrives, does the kernel see it is SMART flagged?)

Perhaps you assume some SMART commands may be dangerous for the disks' data itself?

Thank you again,

Ben