On 26.05.2014 17:31, Vladimir Sharun wrote:
Hello FreeBSD community,
Recently I played with securelevel, and what I discovered: there is no
chance for data to survive against remote root, except backups of course. Maybe
this log can be a proposal for raising securelevel further or include
securelevel
Hello,
if you have root privileges you can just write some random bytes in some
places and this will be enough to break your system. So, restricting
some gpart's or zpool's actions depending on securelevel looks like
protection from kids.
Having root under securelevel 3 confirmed disallows
On 29.05.2014 12:56, Vladimir Sharun wrote:
Hello,
if you have root privileges you can just write some random bytes in some
places and this will be enough to break your system. So, restricting
some gpart's or zpool's actions depending on securelevel looks like
protection from kids.
Hello,
Ok, you are right. But geom_dev restricts access only from user level
applications. When a GEOM object does access directly via GEOM methods,
this protection won't work. And it seems it isn't easy to fix; all
classes should have their own check.
Thank you for better clarification. This is the
Hello FreeBSD community,
Recently I played with securelevel, and what I discovered: there is no chance for
data to survive against remote root, except backups of course. Maybe this log can be a
proposal for raising securelevel further or include securelevel support against
the software which can deal with