Hello FreeBSD community,

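I have recently been playing with securelevel, and here is what I discovered: 
data has no chance of surviving a remote root compromise, except in backups of 
course. As the log below shows, even with kern.securelevel set to 3, root can 
still create and destroy a GPT partition table and a ZFS pool on a disk. Maybe 
this log can serve as a proposal for raising securelevel further, or for adding 
securelevel support to the software that deals with ZFS and GEOM labels?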


root@tests:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@tests:~ # gpart show ada3
gpart: No such geom: ada3.
root@tests:~ # gpart create -s gpt /dev/ada3
ada3 created
root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3
ada3p1 added
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
34           6        - free -  (3.0K)
40  1953525088     1  freebsd-zfs  (932G)
1953525128           7        - free -  (3.5K)
root@tests:~ # zpool create testpool /dev/gpt/testdisk
root@tests:~ # zpool status testpool
pool: testpool
state: ONLINE
scan: none requested
config:

NAME            STATE     READ WRITE CKSUM
testpool        ONLINE       0     0     0
gpt/testdisk  ONLINE       0     0     0

errors: No known data errors
root@tests:~ # zfs create testpool/test1
root@tests:~ # zfs list | grep test
system/test2          144K  1.78T   144K  none
testpool              150K   913G    32K  /testpool
testpool/test1         31K   913G    31K  /testpool/test1

root@tests:~ # zfs create testpool/test1
root@tests:~ # zpool destroy testpool
root@tests:~ # zpool status testpool
cannot open 'testpool': no such pool

root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
34           6        - free -  (3.0K)
40  1953525088     1  freebsd-zfs  (932G)
1953525128           7        - free -  (3.5K)

root@tests:~ # gpart delete -i 1 /dev/ada3
ada3p1 deleted
root@tests:~ # gpart destroy /dev/ada3
ada3 destroyed
root@tests:~ # gpart show /dev/ada3
gpart: No such geom: /dev/ada3.
root@tests:~ # sysctl kern.securelevel
kern.securelevel: 3













