On 29.05.2014 12:56, Vladimir Sharun wrote:
> Hello,
>> if you have root privileges you can just write some random bytes in some
>> places and this will be enough to break your system. So, restricting
>> some gpart's or zpool's actions depending from securelevel looks like
>> protection from kids.
> Having root under securelevel 3 confirmed disallows you to:
> 1) Direct write to the block devices such as (a)da
> 2) Change rules and/or shutdown pf
> 3) Remove system flags such as schg, sunlnk
> I think your statement true in case of securelevel -1, we're talking about
> the highest one - 3, which shown in logs.

Ok, you are right. But geom_dev restricts access only from user level
applications. When GEOM object does access directly via GEOM methods
this protection won't work. And it seems it isn't easy to fix, all
classes should have own check.

WBR, Andrey V. Elsukov

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to