svn commit: r327915 - stable/11/usr.sbin/bsdinstall/scripts

Eitan Adler eadler at FreeBSD.org
Sat Jan 13 09:28:44 UTC 2018


Author: eadler
Date: Sat Jan 13 09:28:43 2018
New Revision: 327915
URL: https://svnweb.freebsd.org/changeset/base/327915

Log:
  MFC r324206:
  
  bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
  
  Enabling the PID randomization option in bsdinstall(8)'s hardening menu
  now randomizes the effective value of kern.randompid on each boot.
  
  Previous behaviour:
  When kern.randompid was enabled via the bsdinstall(8) hardening menu,
  a random value was generated and placed in the system's /etc/sysctl.conf as
  kern.randompid=value
  This makes the value of kern.randompid static across reboots.
  
  New behaviour:
  When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
  line kern.randompid=1 is placed in the system's /etc/sysctl.conf.
  This takes advantage of a new kernel feature and makes the value of
  kern.randompid be randomized by the kernel on each reboot.

Modified:
  stable/11/usr.sbin/bsdinstall/scripts/hardening
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- stable/11/usr.sbin/bsdinstall/scripts/hardening	Sat Jan 13 09:26:24 2018	(r327914)
+++ stable/11/usr.sbin/bsdinstall/scripts/hardening	Sat Jan 13 09:28:43 2018	(r327915)
@@ -62,7 +62,7 @@ for feature in $FEATURES; do
 		echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 	fi
 	if [ "$feature" = "random_pid" ]; then
-		echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
+		echo kern.randompid=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
 	fi
 	if [ "$feature" = "stack_guard" ]; then
 		echo security.bsd.stack_guard_page=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening
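Review bot: the replacement line `echo kern.randompid=1 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening` has no fallback for a kernel that lacks the "new kernel feature" the log refers to, so this MFC is only safe once the matching kernel-side change is also in stable/11; please confirm that dependency is merged and name its revision in the log, since an installed system whose kernel predates it will simply see a literal modulus of 1 in sysctl.conf rather than per-boot randomization. A style point for the same hunk: `$BSDINSTALL_TMPETC` is unquoted in the redirection, as on the surrounding lines, which is harmless for the installer's fixed paths but worth quoting if the script is touched again.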


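The two behaviours described in the log (a fixed modulus written by the old installer versus `kern.randompid=1` handed to the kernel) are easy to tell apart in an installed system's sysctl.conf. The script below is an added example written for this page, not FreeBSD's or bsdinstall's own code: it classifies how kern.randompid is configured in a given file and rewrites an old-style static value to 1. The sample configuration files are constructed here for demonstration; the function names and the sysctl.conf path argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the FreeBSD commit): audit and modernize the
# kern.randompid setting in a sysctl.conf-style file. Per the commit log:
#   absent / 0 -> PID randomization disabled
#   1          -> kernel randomizes the value on each boot (new behaviour)
#   >1         -> fixed modulus, static across reboots (old installer behaviour)

# Print the last effective kern.randompid value in file $1, or "absent".
# Commented-out lines are ignored because the pattern is anchored at ^.
randompid_value() {
	v=$(sed -n 's/^[[:space:]]*kern\.randompid[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
	if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'absent\n'; fi
}

# Classify file $1 as: disabled | kernel-randomized | static
classify_randompid() {
	case "$(randompid_value "$1")" in
	absent|0) echo disabled ;;
	1)        echo kernel-randomized ;;
	*)        echo static ;;
	esac
}

# Emit file $1 on stdout with a static kern.randompid=N rewritten to
# kern.randompid=1; files that are disabled or already modern pass through.
# (\11 in the sed replacement is group 1 followed by the literal digit 1.)
modernize_randompid() {
	if [ "$(classify_randompid "$1")" = static ]; then
		sed 's/^\([[:space:]]*kern\.randompid[[:space:]]*=[[:space:]]*\)[0-9][0-9]*/\11/' "$1"
	else
		cat "$1"
	fi
}

# Constructed sample files standing in for /etc/sysctl.conf on three hosts.
OLD_CONF=$(mktemp)
NEW_CONF=$(mktemp)
OFF_CONF=$(mktemp)
trap 'rm -f "$OLD_CONF" "$NEW_CONF" "$OFF_CONF"' EXIT

cat > "$OLD_CONF" <<'EOF'
security.bsd.unprivileged_proc_debug=0
kern.randompid=4821
security.bsd.stack_guard_page=1
EOF

cat > "$NEW_CONF" <<'EOF'
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
security.bsd.stack_guard_page=1
EOF

cat > "$OFF_CONF" <<'EOF'
# kern.randompid=1 is commented out on this host
kern.randompid=0
EOF

for f in "$OLD_CONF" "$NEW_CONF" "$OFF_CONF"; do
	printf '%s: %s (value %s)\n' "$f" "$(classify_randompid "$f")" "$(randompid_value "$f")"
done
printf -- '--- modernized old-style file ---\n'
modernize_randompid "$OLD_CONF"
```

Run it against a real file by calling `classify_randompid /etc/sysctl.conf` after sourcing the functions; the rewrite function only prints, so redirect its output and review it before replacing the live file.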