svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

Bryan Drewery bdrewery at FreeBSD.org
Wed Feb 22 20:27:50 UTC 2017


On 2/21/2017 11:07 PM, Joel Dahl wrote:
> On Tue, Feb 21, 2017 at 02:40:02PM +0000, Alexey Dokuchaev wrote:
>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
>>> Thanks for working on making it easier to harden FreeBSD. While
>>> defaulting some of these options to "on" seems pretty harmless (e.g.
>>> random_pid), others are likely to cause confusion for new and
>>> experienced users alike (e.g. proc_debug. I've never used that option
>>> before, so I gave it a try. It simply causes gdb to hang when attempting
>>> to start a process, with no obvious indication of why).
>>
>> I concur.  In fact, harmless knobs should probably be turned on by default
>> in FreeBSD itself (i.e., without any "hardening" help from the installer),
>> while more intrusive ones should be opt-in, not opt-out.
> 
> I agree. Can we back this out and discuss it on current@?
> 

I concur.
In the original review for adding this I predicted today would come,
https://reviews.freebsd.org/D6826.  I still think that it is very
under-designed and under-thought out.

I personally agree with hardening my system, but I have a number of
issues with this approach:

1. It makes *1 installation* method do hardening, while every other
installation method, and the *upgrade* methods, do not.  So someone
upgrading from 11.0 to 12.0 won't get hardening, but someone installing
12.0 fresh from bsdinstall will get it.  There should not be a
distinction between our installation/upgrade methods like this.

2. It ignores that FreeBSD is a *generic Operating System* that serves
many workflows.  Developers want all of this off, System Administrators
want all of it on, and Desktop users may want a compromise of half of it
to allow various drivers to work (not pointing at any specific sysctl
right now).

I think what is really needed is a system profile that lets you pick the
workflow you are going to use the system for, and then set some
reasonable defaults from there.  We will never all agree on the same
defaults because we all are using the systems differently, but we can
find some compromise if we make Use Cases, such as a System Profile
would entail.

I too would like to see this backed out.

-- 
Regards,
Bryan Drewery
