From nobody Sun Feb 25 06:45:39 2024
X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TjDxs651Sz5Bpkn
	for <freebsd-stable@mlmmj.nyi.freebsd.org>; Sun, 25 Feb 2024 06:54:25 +0000 (UTC)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "uucp.dinoex.sub.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TjDxr1lN6z4GnB
	for <freebsd-stable@freebsd.org>; Sun, 25 Feb 2024 06:54:24 +0000 (UTC)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of li-fbsd@citylink.dinoex.sub.org designates 2a0b:f840::12 as permitted sender) smtp.mailfrom=li-fbsd@citylink.dinoex.sub.org;
	arc=pass ("uucp.dinoex.org:s=M20221114:i=1")
Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12])
	by uucp.dinoex.org (8.18.1/8.18.1) with ESMTPS id 41P6s5FJ003350
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
	for <freebsd-stable@freebsd.org>; Sun, 25 Feb 2024 07:54:06 +0100 (CET)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
ARC-Seal: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1708844048;
	cv=none; b=Dn1rNZ8qKH2gKhwWZk+YR6qMNarb8QJekkPRq/D7pJ/Eo+1/3nwbJNJy/ZqXYOfzoIouxjqpkMpb2gCeSFIlKFPMjwRAhK4k8SYFxK3gpMXKl7aCsPkKSL+xMgZcfY0zHn18TCp9MrqIkgSDtTS2saSoJvvBNdULl28vMFHgPWI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114;
	t=1708844048; c=relaxed/simple;
	bh=2H+u2NfKsbhJl5N08+j0RkJ+V2h1PSY4d8e3wemMUwY=;
	h=Received:Received:Received:X-Authentication-Warning:From:
	 X-Newsgroups:Subject:Date:Message-ID:References:Injection-Date:
	 Injection-Info:User-Agent:To:X-Milter:X-Greylist; b=kNa3xsXTXbQOO2/murb1Bx0Er0OLdVbi0jQA8wssDKeX9fz1GflN5n1lEBPgh1uThTQabsJZeflk2jhl5zhOhI2638in0ZDk4UN+GLgYO7IAdoxA+Ld/UTIKaG5bILJLokiCPBpddI58M1h6Kr59MlZwkfOgKpvNlvZa+//nrBA=
ARC-Authentication-Results: i=1; uucp.dinoex.org
X-MDaemon-Deliver-To: <freebsd-stable@freebsd.org>
Received: (from uucp@localhost)
	by uucp.dinoex.org (8.18.1/8.18.1/Submit) with UUCP id 41P6s5S8003349
	for freebsd-stable@freebsd.org; Sun, 25 Feb 2024 07:54:05 +0100 (CET)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
Received: from admn.intra.daemon.contact (localhost [127.0.0.1])
	by admn.intra.daemon.contact (8.17.1/8.17.1) with ESMTPS id 41P6k1ja013462
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
	for <freebsd-stable@freebsd.org>; Sun, 25 Feb 2024 07:46:02 +0100 (CET)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
Received: from intra.daemon.contact (news@localhost)
	by admn.intra.daemon.contact (8.17.1/8.17.1/Submit) with NNTP id 41P6jdMu013066
	for freebsd-stable@freebsd.org; Sun, 25 Feb 2024 07:45:39 +0100 (CET)
	(envelope-from li-fbsd@citylink.dinoex.sub.org)
X-Authentication-Warning: admn.intra.daemon.contact: news set sender to li-fbsd@citylink.dinoex.sub.org using -f
From: "Peter 'PMc' Much" <pmc@citylink.dinoex.sub.org>
X-Newsgroups: m2n.fbsd.stable
Subject: Re: gpart device permissions security hole (/dev/geom.ctl)
Date: Sun, 25 Feb 2024 06:45:39 -0000 (UTC)
Message-ID: <slrnutlogj.27vp.pmc@disp.intra.daemon.contact>
References: <ZdE2Hm6y5Fel2etP@marble.hightek.org>
 <slrnutei1n.1ebh.pmc@disp.intra.daemon.contact>
 <Zde7TAehUyMvDQ5F@marble.hightek.org>
 <2421f1a5-d924-4912-abff-e000e41f5459@quip.cz>
 <ZdpK6ltoUgnTSmba@marble.hightek.org>
 <4de9c605-c93d-4286-a402-0bc52e9d62ff@quip.cz>
Injection-Date: Sun, 25 Feb 2024 06:45:39 -0000 (UTC)
Injection-Info: admn.intra.daemon.contact;
	logging-data="13065"; mail-complaints-to="usenet@citylink.dinoex.sub.org"
User-Agent: slrn/1.0.3 (FreeBSD)
To: freebsd-stable@freebsd.org
X-Milter: Spamilter (Reciever: uucp.dinoex.org; Sender-ip: 0:0:2a0b:f840::; Sender-helo: uucp.dinoex.org;)
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]); Sun, 25 Feb 2024 07:54:08 +0100 (CET)
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-4.00 / 15.00];
	ARC_ALLOW(-1.00)[uucp.dinoex.org:s=M20221114:i=1];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	FORGED_SENDER(0.30)[pmc@citylink.dinoex.sub.org,li-fbsd@citylink.dinoex.sub.org];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_HAS_DN(0.00)[];
	R_DKIM_NA(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	HAS_XAW(0.00)[];
	ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE];
	FROM_NEQ_ENVFROM(0.00)[pmc@citylink.dinoex.sub.org,li-fbsd@citylink.dinoex.sub.org];
	MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org];
	MIME_TRACE(0.00)[0:+];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_COUNT_THREE(0.00)[4];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
	DMARC_NA(0.00)[sub.org];
	RCVD_TLS_LAST(0.00)[];
	TO_DN_NONE(0.00)[]
X-Rspamd-Queue-Id: 4TjDxr1lN6z4GnB
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
Sender: owner-freebsd-stable@freebsd.org
X-BeenThere: freebsd-stable@freebsd.org

On 2024-02-24, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> On 24/02/2024 21:00, Vincent Stemen wrote:
>> On Sat, Feb 24, 2024 at 04:40:00PM +0100, Miroslav Lachman wrote:
>>> I agree with this security problem. Just a small note - there are
>>> backups of partitions (/var/backups/gpart.*) created by periodic script
>>> /etc/periodic/daily/221.backup-gpart (if you have
>>> daily_backup_gpart_enable="YES" in your /etc/periodic.conf or in a
>>> /etc/defaults/periodic.conf which is the default). That way you can get
>>> back the number plate on you house in some cases.
>> 
>> Thanks.  That's good to know.  I was not aware of those features of
>> periodic.
>
> Almost nobody knows.

Oh, now I see why there is a problem.

Actually I found the partition tables missing when I planned for
desaster recovery, and thought it would be helpful to have a copy
of them. So I implemented such periodic backup long before
it was officially provided.

I think there are many possibilities how things can go wrong, and
evil action is only one of them. So my first imperative is to get
the data savely into backup (and then the backup to offsite). That
accomplished, we can in a relaxed mood think about what we will
do to the person who actually manages to delete the partition
table...

cheerio,
PMc