On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote:
> On 2017-02-22 13:13, Conrad Meyer wrote:
> > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <s...@zxy.spb.ru> wrote:
> >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >>
> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <j...@vnode.se> wrote:
> >>>> On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
> >>>>> I strongly believe we should, by default, ship as secured and hardened
> >>>>> as possible in order to improve overall security of new users'
> >>>>> installations.
> >>>>> Power users will and do change the OS as they please; they most likely
> >>>>> don't use bsdinstall in the first place, so they're not affected in any way.
> >>>>
> >>>> Sorry, I strongly disagree with that. I'm most likely a "power user" and
> >>>> I use bsdinstall.
> >>>
> >>> Ditto. I'm also unfamiliar enough with the installer to trip on this
> >>> kind of thing. Slawa's proposed "disable all" option would be fine.
> >>
> >> My English not enough fluent for more explicit proposal, from my
> >> point most of this options do hardened in only limited cases, for
> >> other cases same options do system more un-hardened by force working
> >> as root. Some have unevident effects (/tmp cleaning, for example).
> >
> > Yep. I am not concerned about disabling sendmail or remote syslog by
> > default, though.
> >
> >> For many users this options will be source of weird issues (gdb don't
> >> work? fucking ugly freebsd! migrate to linux).
> >
> > Yeah, I am concerned about this too. (Also: "ps doesn't work" would
> > be a big newbie sysadmin headache.)
> >
> >> This is evil trend of enforcing weird solutions under the auspices of
> >> 'my safety': airport security check, background check on every point,
> >> lawful intercept, block access to hardware management in safety
> >> environment by 'leak encryption'. I am enough smart for self-sufficient
> >> security risk assessment!
> >>
> >> Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD.
> >> What about market share?
> >
> > Best,
> > Conrad
> >
>
> Yeah, I think a number of these options are good, but a bunch are no go.
> I do not want something deleting my files from /tmp unexpectedly. TrueOS
> has that on by default, and it has eaten useful files a few too many times.
>
> Breaking gdb should NOT be on by default either.
>
> For some of the others, having them on by default in bsdinstall might be
> a good way to 'test' the features under a wider user load, before we
> switch the defaults for the sysctls.
FYI: HardenedBSD has had the sysctl nodes set for a while now (> 1 year).
The only "gotcha" moment we've had is with ASAN requiring the ability to
determine memory maps, which is broken by setting
security.bsd.unprivileged_proc_debug to 0.

HardenedBSD has also set security.bsd.hardlink_check_gid and
security.bsd.hardlink_check_uid both to 1.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
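The thread argues about which sysctl defaults bsdinstall should flip and what each one breaks. Before changing a default (or after an install that did), an administrator usually wants to see where a host actually stands. The POSIX sh function below is an added example and is not code from the thread, from FreeBSD or from HardenedBSD. It reads `name: value` lines in the format `sysctl(8)` prints and compares the three knobs Shawn names against the values he says HardenedBSD ships (proc_debug 0, hardlink checks 1), printing the gdb/ASAN caveat next to the proc_debug result. The value table and the output format are this example's own choices; the sample input at the bottom is constructed. It reads stdin instead of calling sysctl so it also runs on saved output from other hosts.

```shell
#!/bin/sh
# Added example (not from the thread): audit the hardening sysctls discussed
# above against the values Shawn reports HardenedBSD sets.
#
# Table of knob|hardened value|note. The hardened values come from Shawn's
# message; the notes paraphrase the breakage the thread discusses.
KNOBS='security.bsd.unprivileged_proc_debug|0|at 0, unprivileged gdb attach and ASAN memory-map reads break
security.bsd.hardlink_check_uid|1|at 1, users may only hardlink files they own
security.bsd.hardlink_check_gid|1|at 1, users may only hardlink files in their group'

# audit_hardening: stdin is sysctl(8) output ("name: value" or "name=value").
# Prints one line per knob: "<name> current=<v> expected=<v> <STATE> (<note>)"
# where STATE is HARDENED, WEAK (present but not at the hardened value) or
# MISSING (knob absent from the input). Returns 0 only if every knob is HARDENED.
audit_hardening() {
    input=$(cat)
    rc=0
    while IFS='|' read -r name want note; do
        [ -n "$name" ] || continue
        # Escape the dots so sed matches the sysctl name literally.
        esc=$(printf '%s' "$name" | sed 's/\./\\./g')
        cur=$(printf '%s\n' "$input" | sed -n "s/^$esc[:=] *//p" | head -n 1)
        if [ -z "$cur" ]; then
            state=MISSING; cur='?'; rc=1
        elif [ "$cur" = "$want" ]; then
            state=HARDENED
        else
            state=WEAK; rc=1
        fi
        printf '%s current=%s expected=%s %s (%s)\n' \
            "$name" "$cur" "$want" "$state" "$note"
    done <<EOF
$KNOBS
EOF
    return "$rc"
}

# Constructed sample: an install that kept unprivileged_proc_debug at 1
# (so gdb keeps working) but has the hardlink checks on. Exit status 1 here.
audit_hardening <<'SAMPLE' || echo "host is not at the HardenedBSD values; see WEAK/MISSING lines"
security.bsd.unprivileged_proc_debug: 1
security.bsd.hardlink_check_uid: 1
security.bsd.hardlink_check_gid: 1
SAMPLE
```

On a FreeBSD host, `sysctl security.bsd | audit_hardening` (after sourcing the file) gives the live picture; the non-zero exit status makes it usable from a config-management check, and the note column is there so whoever flips a WEAK knob knows what to expect to stop working.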