Re: gpart device permissions security hole (/dev/geom.ctl)
Date: Sat, 24 Feb 2024 15:40:00 UTC
On 22/02/2024 22:23, Vincent Stemen wrote:
> On Thu, Feb 22, 2024 at 01:12:23PM -0000, Peter 'PMc' Much wrote:
>> On 2024-02-17, Vincent Stemen <vince.bsd@hightek.org> wrote:
>>>
>>> I have been a Unix systems administrator for well over 35 years and it's not
>>> uncommon for administrators to belong to the operator group for restricted
>>> admin tasks. It is completely unexpected to discover the user can wipe out
>>> the whole system.
>>
>> Removing the number plate from your house doesn't destroy the house.
>> It only might stop it from being accessed by people.
>
> BTW, correction to my original statement. The operator can only modify
> unmounted partitions. So any unmounted partitions or partitioned drives
> on standby for failover, backups, etc, can have their partitions deleted
> or changed, which will certainly stop access to the data on those
> devices.
>
> So stopping access to your data isn't much different than destroying it
> if you can never find it again. If you have a house somewhere in the
> country, with no address, other than perhaps what state it is in (which
> drive), have fun finding it. So your analogy is a distinction without
> a difference. Not only that, if the partition table gets modified
> without the sys-admin realizing it, and it gets written to, it most
> certainly can destroy the data.

I agree with this security problem.

Just a small note - there are backups of partitions (/var/backups/gpart.*) created by the periodic script /etc/periodic/daily/221.backup-gpart (if you have daily_backup_gpart_enable="YES" in your /etc/periodic.conf or in /etc/defaults/periodic.conf, which is the default).

That way you can get back the number plate on your house in some cases.

Kind regards
Miroslav Lachman