svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

Shawn Webb shawn.webb at hardenedbsd.org
Wed Feb 22 19:29:04 UTC 2017


On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote:
> On 2017-02-22 13:13, Conrad Meyer wrote:
> > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >>
> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <joel at vnode.se> wrote:
> >>>> On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
> >>>>> I strongly believe we should, by default, ship as secured and hardened as
> >>>>> possible in order to improve the overall security of new users' installations.
> >>>>> Power users will and do change the OS as they please; they most likely
> >>>>> don't use bsdinstall in the first place, so they're not affected in any way.
> >>>>
> >>>> Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
> >>>> bsdinstall.
> >>>
> >>> Ditto.  I'm also unfamiliar enough with the installer to trip on this
> >>> kind of thing.  Slawa's proposed "disable all" option would be fine.
> >>
> >> My English is not fluent enough for a more explicit proposal, but from my
> >> point of view most of these options harden only in limited cases; in
> >> other cases the same options make the system less hardened by forcing
> >> work as root. Some have non-obvious effects (/tmp cleaning, for example).
> > 
> > Yep.  I am not concerned about disabling sendmail or remote syslog by
> > default, though.
> > 
> >> For many users these options will be a source of weird issues (gdb doesn't
> >> work? fucking ugly FreeBSD! migrate to Linux).
> > 
> > Yeah, I am concerned about this too.  (Also: "ps doesn't work" would
> > be a big newbie sysadmin headache.)
> > 
> >> This is an evil trend of enforcing weird solutions under the auspices of
> >> 'my safety': airport security checks, background checks at every point,
> >> lawful intercept, blocking access to hardware management in a safe
> >> environment by 'leak encryption'. I am smart enough for self-sufficient
> >> security risk assessment!
> >>
> >> Industry already has some "hardened" BSDs: OpenBSD and HardenedBSD.
> >> What about market share?
> > 
> > Best,
> > Conrad
> > 
> 
> Yeah, I think a number of these options are good, but a bunch are a no go.
> I do not want something deleting my files from /tmp unexpectedly. TrueOS
> has that on by default, and it has eaten useful files a few too many times.
> 
> Breaking gdb should NOT be on by default either.
> 
> For some of the others, having them on by default in bsdinstall might be
> a good way to 'test' the features under a wider user load, before we
> switch the defaults for the sysctls.

FYI: HardenedBSD has had the sysctl nodes set for a while now (> 1
year). The only "gotcha" moment we've had is with ASAN requiring the
ability to determine memory maps, which is broken by setting
security.bsd.unprivileged_proc_debug to 0.

HardenedBSD has also set security.bsd.hardlink_check_gid and
security.bsd.hardlink_check_uid both to 1.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE