Date:      Mon, 26 May 2014 16:31:36 +0300
From:      Vladimir Sharun <atz@ukr.net>
To:        Current FreeBSD <freebsd-current@freebsd.org>
Subject:   gpart destroy, zpool destroy, zfs destroy under securelevel 3
Message-ID:  <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com>

Hello FreeBSD community,

I recently played with securelevel, and here is what I discovered: there is no chance for data to survive against remote root, except backups of course. Maybe this log can be a proposal for raising securelevel further, or to include securelevel support against the software which can deal with zfs and GEOM labels?


root@tests:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@tests:~ # gpart show ada3
gpart: No such geom: ada3.
root@tests:~ # gpart create -s gpt /dev/ada3
ada3 created
root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3
ada3p1 added
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
34           6        - free -  (3.0K)
40  1953525088     1  freebsd-zfs  (932G)
1953525128           7        - free -  (3.5K)
root@tests:~ # zpool create testpool /dev/gpt/testdisk
root@tests:~ # zpool status testpool
pool: testpool
state: ONLINE
scan: none requested
config:

NAME            STATE     READ WRITE CKSUM
testpool        ONLINE       0     0     0
gpt/testdisk  ONLINE       0     0     0

errors: No known data errors
root@tests:~ # zfs create testpool/test1
root@tests:~ # zfs list | grep test
system/test2          144K  1.78T   144K  none
testpool              150K   913G    32K  /testpool
testpool/test1         31K   913G    31K  /testpool/test1

root@tests:~ # zfs create testpool/test1
root@tests:~ # zpool destroy testpool
root@tests:~ # zpool status testpool
cannot open 'testpool': no such pool

root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
34           6        - free -  (3.0K)
40  1953525088     1  freebsd-zfs  (932G)
1953525128           7        - free -  (3.5K)

root@tests:~ # gpart delete -i 1 /dev/ada3
ada3p1 deleted
root@tests:~ # gpart destroy /dev/ada3
ada3 destroyed
root@tests:~ # gpart show /dev/ada3
gpart: No such geom: /dev/ada3.
root@tests:~ # sysctl kern.securelevel
kern.securelevel: 3
