Date: Thu, 29 May 2014 12:11:50 +0400 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Vladimir Sharun <atz@ukr.net>, Current FreeBSD <freebsd-current@freebsd.org> Subject: Re: gpart destroy, zpool destroy, zfs destroy under securelevel 3 Message-ID: <5386EBC6.2090306@yandex.ru> In-Reply-To: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com> References: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26.05.2014 17:31, Vladimir Sharun wrote: > Hello FreeBSD community, > > Recently plays with securelevel and what I discover: no chance for > data to survive against remote root, except backups of course. Maybe > this log can be a proposal for raising securelevel further or include > securelevel support against the software which can deal with zfs and > GEOM labels ? Hi, if you have root privileges you can just write some random bytes in some places and this will be enough to break your system. So, restricting some gpart's or zpool's actions depending from securelevel looks like protection from kids. -- WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5386EBC6.2090306>