Author: robak (ports committer) Date: Fri Jul 21 08:50:22 2017 New Revision: 321326 URL: https://svnweb.freebsd.org/changeset/base/321326
Log: Remove stack guard option from hardening menu. Since kib's change the stack guard is now ON by default, this option in hardening menu of bsdinstall is no longer needed. Submitted by: Bartlomiej Rutkowski <ro...@freebsd.org> Reviewed by: bapt Approved by: bapt MFC after: 1 day Sponsored by: Pixeware LTD Differential Revision: https://reviews.freebsd.org/D11686 Modified: head/usr.sbin/bsdinstall/scripts/hardening Modified: head/usr.sbin/bsdinstall/scripts/hardening ============================================================================== --- head/usr.sbin/bsdinstall/scripts/hardening Fri Jul 21 07:44:43 2017 (r321325) +++ head/usr.sbin/bsdinstall/scripts/hardening Fri Jul 21 08:50:22 2017 (r321326) @@ -42,11 +42,10 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \ "3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ "4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ "5 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ - "6 stack_guard" "Set stack guard buffer size to 2MB" ${stack_guard:-off} \ - "7 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ - "8 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ - "9 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ - "10 secure_console" "Enable console password prompt" ${secure_console:-off} \ + "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ + "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ + "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ + "9 secure_console" "Enable console password prompt" ${secure_console:-off} \ 2>&1 1>&3 ) exec 3>&- @@ -68,9 +67,6 @@ for feature in $FEATURES; do fi if [ "$feature" = "random_pid" ]; then echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening - fi - if [ "$feature" = "stack_guard" ]; then - echo security.bsd.stack_guard_page=512 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi if [ "$feature" = "clear_tmp" ]; then echo 'clear_tmp_enable="YES"' >> $BSDINSTALL_TMPETC/rc.conf.hardening _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
