Date: Sat, 24 Feb 2024 16:40:00 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: stable@freebsd.org
Subject: Re: gpart device permissions security hole (/dev/geom.ctl)
Message-ID: <2421f1a5-d924-4912-abff-e000e41f5459@quip.cz>
In-Reply-To: <Zde7TAehUyMvDQ5F@marble.hightek.org>
References: <ZdE2Hm6y5Fel2etP@marble.hightek.org> <slrnutei1n.1ebh.pmc@disp.intra.daemon.contact> <Zde7TAehUyMvDQ5F@marble.hightek.org>

On 22/02/2024 22:23, Vincent Stemen wrote:
> On Thu, Feb 22, 2024 at 01:12:23PM -0000, Peter 'PMc' Much wrote:
>> On 2024-02-17, Vincent Stemen <vince.bsd@hightek.org> wrote:
>>>
>>> I have been a Unix systems administrator for well over 35 years and it's not
>>> uncommon for administrators to belong to the operator group for restricted
>>> admin tasks. It is completely unexpected to discover the user can wipe out
>>> the whole system.
>>
>> Removing the number plate from your house doesn't destroy the house.
>> It only might stop it from being accessed by people.
>
> BTW, correction to my original statement. The operator can only modify
> unmounted partitions. So any unmounted partitions or partitioned drives
> on standby for failover, backups, etc, can have their partitions deleted
> or changed, which will certainly stop access to the data on those
> devices.
>
> So stopping access to your data isn't much different than destroying it
> if you can never find it again. If you have a house somewhere in the
> country, with no address, other than perhaps what state it is in (which
> drive), have fun finding it. So your analogy is a distinction without
> a difference. Not only that, if the partition table gets modified
> without the sys-admin realizing it, and it gets written to, it most
> certainly can destroy the data.

I agree with this security problem.

Just a small note - there are backups of partitions
(/var/backups/gpart.*) created by the periodic script
/etc/periodic/daily/221.backup-gpart (if you have
daily_backup_gpart_enable="YES" in your /etc/periodic.conf or in
/etc/defaults/periodic.conf, which is the default).
That way you can get back the number plate on your house in some cases.

Kind regards
Miroslav Lachman
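
The check below is an added example, not part of the original message or of FreeBSD's periodic scripts: it reports whether the gpart backup mentioned above is enabled and whether a provider's live partition table still matches a saved copy. The function names are hypothetical, and the backup file path is passed in by the caller rather than assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the effective daily_backup_gpart_enable value. $1 is the defaults
# file, $2 the local override (/etc/defaults/periodic.conf, /etc/periodic.conf).
gpart_backup_setting() {
    (
        daily_backup_gpart_enable=""
        if [ -r "$1" ]; then . "$1"; fi
        if [ -r "$2" ]; then . "$2"; fi   # later file wins
        printf '%s\n' "${daily_backup_gpart_enable:-unset}"
    )
}

# Compare two table dumps in `gpart backup` format.
# Returns 0 when identical; prints a unified diff and returns 1 otherwise.
gpart_table_matches() {
    cmp -s "$1" "$2" && return 0
    diff -u "$1" "$2"
    return 1
}

# Dump the live table of provider $1 and compare it with saved backup $2
# (one of the /var/backups/gpart.* files; the caller supplies the exact path).
# Returns 0 = unchanged, 1 = changed, 2 = could not read the live table.
gpart_check() {
    tmp=$(mktemp) || return 2
    if ! gpart backup "$1" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 2
    fi
    if gpart_table_matches "$2" "$tmp"; then
        echo "$1: partition table matches $2"
        rc=0
    else
        echo "$1: partition table DIFFERS from $2"
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on a FreeBSD host: sh gpart-check.sh <provider> <backup-file>
if [ "$#" -eq 2 ]; then
    echo "daily_backup_gpart_enable=$(gpart_backup_setting \
        /etc/defaults/periodic.conf /etc/periodic.conf)"
    gpart_check "$1" "$2"
fi
```

If a reported difference is unintended, the saved file is the input that `gpart restore` reads to rewrite the table.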