Date: Thu, 29 May 2014 11:56:15 +0300
From: Vladimir Sharun <atz@ukr.net>
To: Current FreeBSD <freebsd-current@freebsd.org>
Subject: Re[2]: gpart destroy, zpool destroy, zfs destroy under securelevel 3
Message-ID: <1401353579.467560473.vpvuu1e5@frv45.fwdcdn.com>
In-Reply-To: <5386EBC6.2090306@yandex.ru>
References: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com> <5386EBC6.2090306@yandex.ru>

Hello,

> if you have root privileges you can just write some random bytes in some
> places and this will be enough to break your system. So, restricting
> some gpart's or zpool's actions depending on securelevel looks like
> protection from kids.

Having root under securelevel 3 confirmed disallows you to:
1) Write directly to the block devices such as (a)da
2) Change rules and/or shut down pf
3) Remove system flags such as schg, sunlnk

I think your statement is true in the case of securelevel -1; we're talking about the highest one - 3, which is shown in the logs.