svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

[Slawa Olhovchenkov]

On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:

> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <joel at vnode.se> wrote:
> > On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
> >> I strongly believe we should, by default, ship as secured and hardened as
> >> possible in order to improve overall security of new users installations.
> >> Power users will and do change the OS as they please, they most likely
> >> don't use bsdinstall in first place, so they're not affected in any way.
> >
> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
> > bsdinstall.
> 
> Ditto.  I'm also unfamiliar enough with the installer to trip on this
> kind of thing.  Slawa's proposed "disable all" option would be fine.

My english not enought fluent for more explicate proposal, from my
point most of this options do hardened in only limited cases, for
other cases same options do system more un-hardened by force working
as root. Some have unevident effects (/tmp cleaning, for example).

For many users this options will be source of weird issuses (gdb don't
work? fucking ugly freebsd! migrate to linux).

This is evil trend of enforcing weird solutions under the auspices of
'my safety': airport security check, backgound check on every point,
lawfull intercept, block access to hardware management in safety
enviroment by 'leak ecnription'. I am enoght smart for self-sufficient
security risk assessment!

Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
Waht about market share?