From: Carl Johnson
To: freebsd-questions@freebsd.org
Subject: Re: filesystem labels?
Date: Fri, 14 Apr 2023 08:46:22 -0700
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Polytropon writes:

>
> NB: Dealing with gpart partition creation and destruction
> sometimes requires you to set
>
> 	# sysctl kern.geom.debugflags=16
>
> in order to override some security mechanisms which could
> interfere with what you're intending. But don't ask me where
> this has been properly documented... ;-)

That is somewhat documented in the geom(4) manpage.  That is covered as:

     0x10 (allow foot shooting)
             Allow writing to Rank 1 providers.  This would, for example,
             allow the super-user to overwrite the MBR on the root disk or
             write random sectors elsewhere to a mounted disk.  The
             implications are obvious.

There are settings for bits 0x01 - 0x80.

-- 
Carl Johnson		carlj@peak.org
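
Added example, not part of the original message or of FreeBSD itself: a small sh audit for the 0x10 bit discussed above, so it does not stay enabled after partition work. It assumes persistent settings are in sysctl.conf format (key=value); the function names and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example: audit kern.geom.debugflags for bit 0x10 ("allow foot shooting").
FOOT=16   # 0x10, the bit quoted from geom(4) in the message above

# is_num VALUE: succeed for plain decimal or 0x-prefixed hex only.
is_num() {
    case $1 in
        0[xX]*) case ${1#0[xX]} in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        0) ;;
        0*|''|*[!0-9]*) return 1 ;;   # reject empty, octal-looking, non-digits
    esac
}

# has_footshoot VALUE: 0 if bit 0x10 is set, 1 if clear, 2 if not a number.
has_footshoot() {
    is_num "$1" || return 2
    [ $(( $1 & $FOOT )) -ne 0 ]
}

# clear_footshoot VALUE: print VALUE with only bit 0x10 cleared.
clear_footshoot() {
    is_num "$1" || return 2
    echo $(( $1 & ~$FOOT ))
}

# audit_conf: read sysctl.conf-style text on stdin and report settings that
# would re-enable the bit at boot. Returns 1 if any were found.
audit_conf() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        [ "$key" = kern.geom.debugflags ] || continue
        val=$(printf '%s' "${line#*=}" | tr -d ' \t"')
        if has_footshoot "$val"; then
            echo "debugflags=$val sets 0x10"
            found=1
        fi
    done
    return $found
}

# Constructed sample input, not taken from a real host.
sample_conf() {
    printf '%s\n' '# constructed sample' 'vfs.usermount=1' \
        'kern.geom.debugflags=0x11   # left over from a gpart session'
}

sample_conf | audit_conf || echo "persistent setting needs review"
```

On a FreeBSD host the same functions apply to live state: has_footshoot "$(sysctl -n kern.geom.debugflags)" tests the running value, and audit_conf < /etc/sysctl.conf tests the boot-time one.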