gpart destroy, zpool destroy, zfs destroy under securelevel 3
Vladimir Sharun
atz at ukr.net
Thu May 29 08:56:27 UTC 2014
Hello,
> if you have root privileges you can just write some random bytes in some
> places and this will be enough to break your system. So, restricting
> some gpart's or zpool's actions depending from securelevel looks like
> protection from kids.
Having root under securelevel 3 confirmed disallows you to:
1) Direct write to the block devices such as (a)da
2) Change rules and/or shutdown pf
3) Remove system flags such as schg, sunlnk
I think your statement true in case of securelevel -1, we're talking about
the highest one - 3, which shown in logs.
More information about the freebsd-current
mailing list