Re: gpart device permissions security hole (/dev/geom.ctl)

From: Miroslav Lachman <000.fbsd_at_quip.cz>
Date: Sat, 24 Feb 2024 15:40:00 UTC
On 22/02/2024 22:23, Vincent Stemen wrote:
> On Thu, Feb 22, 2024 at 01:12:23PM -0000, Peter 'PMc' Much wrote:
>> On 2024-02-17, Vincent Stemen <vince.bsd@hightek.org> wrote:
>>>
>>> I have been a Unix systems administrator for well over 35 years and it's not
>>> uncommon for administrators to belong to the operator group for restricted
>>> admin tasks.  It is completely unexpected to discover the user can wipe out
>>> the whole system.
>>
>> Removing the number plate from your house doesn't destroy the house.
>> It only might stop it from being accessed by people.
> 
> BTW, correction to my original statement.  The operator can only modify
> unmounted partitions.  So any unmounted partitions or partitioned drives
> on standby for failover, backups, etc, can have their partitions deleted
> or changed, which will certainly stop access to the data on those
> devices.
> 
> So stopping access to your data isn't much different than destroying it
> if you can never find it again.  If you have a house somewhere in the
> country, with no address, other than perhaps what state it is in (which
> drive), have fun finding it.  So your analogy is a distinction without
> a difference.  Not only that, if the partition table gets modified
> without the sys-admin realizing it, and it gets written to, it most
> certainly can destroy the data.

I agree with this security problem. Just a small note - there are
backups of partitions (/var/backups/gpart.*) created by periodic script
/etc/periodic/daily/221.backup-gpart (if you have
daily_backup_gpart_enable="YES" in your /etc/periodic.conf or in
/etc/defaults/periodic.conf, which is the default). That way you can get
back the number plate on your house in some cases.

Kind regards
Miroslav Lachman
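An added example, not from this thread or from the FreeBSD periodic scripts: a small sh script that compares a disk's live `gpart backup` listing with the copy kept by 221.backup-gpart, so a partition table rewritten on an unmounted or standby disk is noticed before anything writes to it. It assumes the saved copy is named /var/backups/gpart.<disk>.bak (the message only says gpart.*) and that `gpart backup` prints a scheme header line followed by one line per partition; the sample listings in the comments are constructed.

```shell
#!/bin/sh
# Detect drift between the live partition table of a disk and the copy
# that /etc/periodic/daily/221.backup-gpart stores under /var/backups.
# Exit codes: 0 = layouts match, 1 = layouts differ, 2 = usage/IO error.

# normalize_table FILE
# Prints a "gpart backup" style listing with comments and blank lines
# removed and runs of whitespace squeezed, so a hand-edited saved copy
# does not raise a false alarm.  A constructed listing looks like:
#   GPT 128
#   1 freebsd-boot 40 1024 gptboot0
#   2 freebsd-ufs 1064 8388608
normalize_table() {
    awk '{ sub(/#.*/, ""); gsub(/[[:space:]]+/, " ");
           sub(/^ /, ""); sub(/ $/, ""); if ($0 != "") print }' "$1"
}

# tables_match SAVED_FILE LIVE_FILE
# Returns 0 when both listings describe the same layout, 1 when they
# differ (a unified diff is printed), 2 when a file cannot be read.
tables_match() {
    saved=$1; live=$2
    [ -r "$saved" ] && [ -r "$live" ] || return 2
    tmp_s=$(mktemp) && tmp_l=$(mktemp) || return 2
    normalize_table "$saved" > "$tmp_s"
    normalize_table "$live"  > "$tmp_l"
    if diff -u "$tmp_s" "$tmp_l"; then rc=0; else rc=1; fi
    rm -f "$tmp_s" "$tmp_l"
    return $rc
}

# check_disk DISK [SAVED_FILE]
# Takes a live snapshot with gpart(8) and compares it with the periodic
# backup.  The default backup filename is an assumption, not taken from
# the periodic script itself.
check_disk() {
    disk=$1
    saved=${2:-/var/backups/gpart.${disk}.bak}
    live=$(mktemp) || return 2
    gpart backup "$disk" > "$live" 2>/dev/null || { rm -f "$live"; return 2; }
    tables_match "$saved" "$live"; rc=$?
    rm -f "$live"
    return $rc
}
```

Run as `check_disk ada1` from a cron job or the daily periodic output and alert on exit status 1; a standby disk that should never change gets a diff the moment its table is touched.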