Re: Securing FreeBSD.

From: Paul Procacci <pprocacci_at_gmail.com>
Date: Fri, 04 Apr 2025 17:23:38 UTC
On Fri, Apr 4, 2025 at 1:14 PM Albert Shih <Albert.Shih@obspm.fr> wrote:
>
> Hi everyone.
>
> Is there any way to secure a FreeBSD system to prevent destroying data?
>
> I found out that even with
>
>   kern.securelevel=2
>
> root can still do something like
>
>   umount /data
>   gpart delete -i 1 dev_under_data
>
> then create something different with for example
>
>   gpart add -t something -a somethingdifferentfrominit dev_under_data
>
> I also tried zfs, but zpool can still be used to destroy every pool.
>
> Currently the only solution I have found is to create a huge / and store data
> under / (not a partition), because I'm guessing it would be hard to umount /
>
> Any other solution?
>
> For example, I see that with securelevel=2 the «bad guy» would be unable to
> create a new filesystem, so is there any way to back up the «partition
> table»? And put it back after he creates another?
>
> Regards
>
> --
> Albert SHIH 🦫 🐸
> Heure locale/Local time:
> ven. 04 avril 2025 19:06:58 CEST
>

So you want to be root, without having the power of root.
Try logging into the system with a different user and the problem is
solved -- tongue in cheek.
Anything root can do, it can also undo.  There's no way around that.

~Paul

-- 
__________________

:(){ :|:& };: