Author: skreuzer (doc,ports committer)
Date: Tue Aug  9 15:57:37 2016
New Revision: 303877
URL: https://svnweb.freebsd.org/changeset/base/303877

Log:
  Write kern.randompid to /etc/sysctl.conf
  
  PR:           211471
  Reported by:  su...@protonmail.com
  Reviewed by:  robak@
  Approved by:  allanjude@
  MFC after:    3 days
  Differential Revision:         https://reviews.freebsd.org/D7440

Modified:
  head/usr.sbin/bsdinstall/scripts/hardening

Modified: head/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/hardening  Tue Aug  9 15:56:33 2016        
(r303876)
+++ head/usr.sbin/bsdinstall/scripts/hardening  Tue Aug  9 15:57:37 2016        
(r303877)
@@ -29,6 +29,7 @@
 : ${DIALOG_OK=0}
 
 echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening
+echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening
 
 exec 3>&1
 FEATURES=$( dialog --backtitle "FreeBSD Installer" \
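Review bot: The added truncation of `sysctl.conf.hardening` expands `$BSDINSTALL_TMPETC` unquoted and unchecked, so an unset or empty value would point the redirect at `/sysctl.conf.hardening` instead of the installer's staging directory. Writing it as `: > "${BSDINSTALL_TMPETC:?}/sysctl.conf.hardening"` makes that case fail loudly; the `rc.conf.hardening` line above has the same shape. A short comment would also help, for example `# start empty: the feature loop below appends with >>`, since the reason for the truncation only becomes clear further down the script.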
@@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD 
        "hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \
        "read_msgbuf" "Disable reading kernel message buffer for unprivileged 
users" ${read_msgbuf:-off} \
        "proc_debug" "Disable process debugging facilities for unprivileged 
users" ${proc_debug:-off} \
-       "random_pid" "Randomize the PID of newly created processes" 
${random_id:-off} \
+       "random_pid" "Randomize the PID of newly created processes" 
${random_pid:-off} \
        "stack_guard" "Insert stack guard page ahead of the growable segments" 
${stack_guard:-off} \
        "clear_tmp" "Clean the /tmp filesystem on system startup" 
${clear_tmp:-off} \
        "disable_syslogd" "Disable opening Syslogd network socket (disables 
remote logging)" ${disable_syslogd:-off} \
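Review bot: The tag `random_pid` is spelled independently in the dialog entry, in the `${random_pid:-off}` default corrected here, and in the comparison inside the `for feature in $FEATURES` loop (third hunk), and nothing fails when the spellings disagree. Because the loop is a run of independent `if` tests, a selected tag that matches none of them is dropped silently, so the hardening option the user ticked is simply not applied. Turning the loop body into a `case "$feature" in` with a final `*) echo "hardening: unhandled feature: $feature" >&2 ;;` arm would surface that class of typo during installation. The dialog call and the loop both extend beyond the lines shown in these hunks.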
@@ -60,7 +61,7 @@ for feature in $FEATURES; do
        if [ "$feature" = "proc_debug" ]; then
                echo security.bsd.unprivileged_proc_debug=0 >> 
$BSDINSTALL_TMPETC/sysctl.conf.hardening
        fi
-       if [ "$feature" = "random_id" ]; then
+       if [ "$feature" = "random_pid" ]; then
                echo kern.randompid=$(jot -r 1 9999) >> 
$BSDINSTALL_TMPETC/sysctl.conf.hardening
        fi
        if [ "$feature" = "stack_guard" ]; then
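Review bot: With the tag comparison corrected, the `kern.randompid=$(jot -r 1 9999)` line becomes reachable for the first time, and it spells out only one bound of the random range. The other end is left to jot's default, so the smallest value that can be written is not visible from the script. If, as I understand it, the sysctl value is the modulus used for PID randomisation, a small draw would give correspondingly little randomisation. Stating both bounds, `$(jot -r 1 <min> 9999)` with whatever floor the project considers acceptable, plus a one-line comment on what the number means, would make the setting reviewable. The enclosing loop starts and ends outside this hunk.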