Hello,
> Ok, you are right. But geom_dev restricts access only from user level
> applications. When GEOM object does access directly via GEOM methods
> this protection won't work. And it seems it isn't easy to fix, all
> classes should have own check.
Thank you for better clarification. This is t
On 29.05.2014 12:56, Vladimir Sharun wrote:
> Hello,
>
>> if you have root privileges you can just write some random bytes in some
>> places and this will be enough to break your system. So, restricting
>> some gpart's or zpool's actions depending from securelevel looks like
>> protection from kid
Hello,
> if you have root privileges you can just write some random bytes in some
> places and this will be enough to break your system. So, restricting
> some gpart's or zpool's actions depending from securelevel looks like
> protection from kids.
Having root under securelevel 3 confirmed disall
On 26.05.2014 17:31, Vladimir Sharun wrote:
> Hello FreeBSD community,
>
> Recently plays with securelevel and what I discover: no chance for
> data to survive against remote root, except backups of course. Maybe
> this log can be a proposal for raising securelevel further or include
> securelevel
Hello FreeBSD community,
Recently plays with securelevel and what I discover: no chance for data to
survive against remote root, except backups of course. Maybe this log can be a
proposal for raising securelevel further or include securelevel support against
the software which can deal with zfs
