Re: Securing FreeBSD.
- Reply: Albert Shih : "Re: Securing FreeBSD."
- In reply to: Albert Shih : "Securing FreeBSD."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Apr 2025 17:23:38 UTC
On Fri, Apr 4, 2025 at 1:14 PM Albert Shih <Albert.Shih@obspm.fr> wrote: > > Hi everyone. > > Is they are any way to secure a FreeBSD to prevent destroying data ? > > I find out even with > > kern.securelevel=2 > > root can still do something like > > umount /data > gpart delete -i 1 dev_under_data > > then create something different with for example > > gpart add -t something -a somethingdifferentfrominit dev_under_data > > I also try zfs, but zpool can still be use to destroy every pool. > > Currently the only solution I find is to create a huge / and store data > under / (no a partition), because I'm guessing it would be hard to umount / > > Any other solution ? > > For example, I see with securelevel=2 the «bad guy» would be unable to > create a new filesystem, so is they are any way to backup the «partition > table» ? And put them back after he create another ? > > Regards > > -- > Albert SHIH 🦫 🐸 > Heure locale/Local time: > ven. 04 avril 2025 19:06:58 CEST > So you want to be root, without having the power of root. Try logging into the system with a different user and the problem is solved -- tongue and cheek. Anything root can do, it can also undo. There's no way around that. ~Paul -- __________________ :(){ :|:& };: