On 2017-02-22 13:13, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <s...@zxy.spb.ru> wrote:
>> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
>>
>>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <j...@vnode.se> wrote:
>>>> On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
>>>>> I strongly believe we should, by default, ship as secured and hardened as
>>>>> possible in order to improve the overall security of new users' installations.
>>>>> Power users will and do change the OS as they please; they most likely
>>>>> don't use bsdinstall in the first place, so they're not affected in any way.
>>>>
>>>> Sorry, I strongly disagree with that. I'm most likely a "power user" and I
>>>> use bsdinstall.
>>>
>>> Ditto. I'm also unfamiliar enough with the installer to trip on this
>>> kind of thing. Slawa's proposed "disable all" option would be fine.
>>
>> My English is not fluent enough for a more explicit proposal. From my
>> point of view, most of these options harden only in limited cases; in
>> other cases the same options make the system less hardened by forcing
>> work as root. Some have non-obvious effects (/tmp cleaning, for example).
>
> Yep. I am not concerned about disabling sendmail or remote syslog by
> default, though.
>
>> For many users these options will be a source of weird issues (gdb doesn't
>> work? fucking ugly FreeBSD! migrate to Linux).
>
> Yeah, I am concerned about this too. (Also: "ps doesn't work" would
> be a big newbie sysadmin headache.)
>
>> This is an evil trend of enforcing weird solutions under the auspices of
>> 'my safety': airport security checks, background checks at every point,
>> lawful intercept, blocking access to hardware management in a safety
>> environment by 'leak encryption'. I am smart enough for a self-sufficient
>> security risk assessment!
>>
>> The industry already has some "hardened" BSDs: OpenBSD and HardenedBSD.
>> What about market share?
>
> Best,
> Conrad
>
Yeah, I think a number of these options are good, but a bunch are a no go. I do not want something deleting my files from /tmp unexpectedly. TrueOS has that on by default, and it has eaten useful files a few too many times. Breaking gdb should NOT be on by default either. For some of the others, having them on by default in bsdinstall might be a good way to 'test' the features under a wider user load, before we switch the defaults for the sysctls.

-- 
Allan Jude
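The thread argues about which installer hardening knobs are safe to turn on by default, and each complaint maps to a specific setting that a new admin can check on a running box. The script below is an added example, not code from the thread, from bsdinstall or from the FreeBSD project: it reads `sysctl`-style `name: value` lines and `rc.conf`-style `name="value"` lines on stdin and reports which recognised knobs sit at their hardened value, together with the user-visible side effect. The sysctl and rc.conf names are real FreeBSD settings; which of them the bsdinstall hardening menu actually toggles, and the mapping from each knob to the symptoms mentioned in the thread (`ps` hiding processes, `gdb` failing to attach, `/tmp` being wiped), is my assumption. The sample input is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. Reads
# "name: value" (sysctl output) or name="value" (rc.conf) lines on stdin and
# reports which known hardening knobs are at their hardened value, plus the
# side effect a new admin would notice. The knob names are real FreeBSD
# settings; the mapping to the thread's complaints (ps, gdb, /tmp) is an
# assumption on my part.

# knob_effect NAME: print the user-visible effect of the hardened setting;
# exit 1 if NAME is not a knob this script knows about.
knob_effect() {
    case "$1" in
        security.bsd.see_other_uids)           echo "ps/top hide other users' processes" ;;
        security.bsd.see_other_gids)           echo "ps/top hide other groups' processes" ;;
        security.bsd.unprivileged_proc_debug)  echo "gdb/truss cannot attach as non-root" ;;
        security.bsd.unprivileged_read_msgbuf) echo "dmesg fails as non-root" ;;
        kern.randompid)                        echo "PIDs are no longer sequential" ;;
        clear_tmp_enable)                      echo "/tmp is wiped at boot" ;;
        sendmail_enable)                       echo "local mail submission (cron output) fails" ;;
        syslogd_flags)                         echo "syslogd accepts no remote messages" ;;
        *) return 1 ;;
    esac
}

# hardened_p NAME VALUE: exit 0 if VALUE is the hardened setting for NAME.
# Note that sendmail_enable="NO" still runs the submission queue; only
# "NONE" disables sendmail entirely.
hardened_p() {
    case "$1" in
        security.bsd.see_other_uids|security.bsd.see_other_gids|\
        security.bsd.unprivileged_proc_debug|security.bsd.unprivileged_read_msgbuf)
            [ "$2" = 0 ] ;;
        kern.randompid)   [ "$2" != 0 ] ;;
        clear_tmp_enable) [ "$2" = YES ] ;;
        sendmail_enable)  [ "$2" = NONE ] ;;
        syslogd_flags)    case "$2" in *-s*) true ;; *) false ;; esac ;;
        *) return 1 ;;
    esac
}

# audit_hardening: filter stdin, emitting one line per recognised knob:
#   "HARDENED <name> (<effect>)"  or  "DEFAULT  <name>"
# Unrecognised or malformed lines are skipped.
audit_hardening() {
    while IFS= read -r line; do
        case "$line" in
            *': '*) name=${line%%:*};  value=${line#*: } ;;
            *=*)    name=${line%%=*};  value=${line#*=}
                    value=${value#\"}; value=${value%\"} ;;
            *)      continue ;;
        esac
        effect=$(knob_effect "$name") || continue
        if hardened_p "$name" "$value"; then
            printf 'HARDENED %s (%s)\n' "$name" "$effect"
        else
            printf 'DEFAULT  %s\n' "$name"
        fi
    done
}

# count_hardened: number of recognised knobs at their hardened value (0 is
# a valid answer, so grep's exit status is ignored).
count_hardened() {
    audit_hardening | grep -c '^HARDENED' || true
}

# Constructed sample: what "sysctl security.bsd kern.randompid" plus a few
# rc.conf lines might look like on a box where only "hide other users'
# processes" and "/tmp cleaning" were enabled at install time.
SAMPLE='security.bsd.see_other_uids: 0
security.bsd.see_other_gids: 1
security.bsd.unprivileged_proc_debug: 1
security.bsd.unprivileged_read_msgbuf: 1
kern.randompid: 0
clear_tmp_enable="YES"
sendmail_enable="NO"
syslogd_flags=""'

printf '%s\n' "$SAMPLE" | audit_hardening
```

On a real FreeBSD host you would feed it `sysctl security.bsd kern.randompid` and `grep -E '^(clear_tmp_enable|sendmail_enable|syslogd_flags)=' /etc/rc.conf` instead of the constructed sample. The point of listing the side effect next to each knob is the one the thread keeps returning to: `see_other_uids=0` and `unprivileged_proc_debug=0` are exactly the settings behind "ps doesn't work" and "gdb doesn't work", so an operator can tell a hardening default apart from a broken system before filing a bug.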