On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <s...@zxy.spb.ru> wrote: > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <j...@vnode.se> wrote: >> > On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote: >> >> I strongly believe we should, by default, ship as secured and hardened as >> >> possible in order to improve overall security of new users installations. >> >> Power users will and do change the OS as they please, they most likely >> >> don't use bsdinstall in first place, so they're not affected in any way. >> > >> > Sorry, I strongly disagree with that. I'm most likely a "power user" and I >> > use >> > bsdinstall. >> >> Ditto. I'm also unfamiliar enough with the installer to trip on this >> kind of thing. Slawa's proposed "disable all" option would be fine. > > My english not enought fluent for more explicate proposal, from my > point most of this options do hardened in only limited cases, for > other cases same options do system more un-hardened by force working > as root. Some have unevident effects (/tmp cleaning, for example).
Yep. I am not concerned about disabling sendmail or remote syslog by default, though. > For many users this options will be source of weird issuses (gdb don't > work? fucking ugly freebsd! migrate to linux). Yeah, I am concerned about this too. (Also: "ps doesn't work" would be a big newbie sysadmin headache.) > This is evil trend of enforcing weird solutions under the auspices of > 'my safety': airport security check, backgound check on every point, > lawfull intercept, block access to hardware management in safety > enviroment by 'leak ecnription'. I am enoght smart for self-sufficient > security risk assessment! > > Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. > Waht about market share? Best, Conrad _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
