svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
Slawa Olhovchenkov
slw at zxy.spb.ru
Wed Feb 22 20:18:06 UTC 2017
On Wed, Feb 22, 2017 at 10:13:41AM -0800, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >
> >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <joel at vnode.se> wrote:
> >> > On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
> >> >> I strongly believe we should, by default, ship as secured and hardened as
> >> >> possible in order to improve overall security of new users installations.
> >> >> Power users will and do change the OS as they please, they most likely
> >> >> don't use bsdinstall in first place, so they're not affected in any way.
> >> >
> >> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
> >> > bsdinstall.
> >>
> >> Ditto. I'm also unfamiliar enough with the installer to trip on this
> >> kind of thing. Slawa's proposed "disable all" option would be fine.
> >
> > My english not enought fluent for more explicate proposal, from my
> > point most of this options do hardened in only limited cases, for
> > other cases same options do system more un-hardened by force working
> > as root. Some have unevident effects (/tmp cleaning, for example).
>
> Yep. I am not concerned about disabling sendmail or remote syslog by
> default, though.
Also, what mean by 'disabling remote syslog'?
As I know syslogd by default don't collect remote messages and need -a
options. May be this is about -s options? How many -s? Not clean.
More information about the svn-src-head
mailing list