From owner-freebsd-hackers@freebsd.org  Sun Feb  2 01:46:25 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3637D2339E9
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 01:46:25 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com
 [IPv6:2607:f8b0:4864:20::e29])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 489DMN02vYz4KYJ
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 01:46:23 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: by mail-vs1-xe29.google.com with SMTP id v141so6766240vsv.12
 for <freebsd-hackers@freebsd.org>; Sat, 01 Feb 2020 17:46:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=umbiIBoVN+LLl44AiBUABJpea5RTugbhPtVK0UhrVJo=;
 b=OkSiUrMdhYA6uZgutir6/HtI+1jEd4VXFCa/8jXj94oo1Kfrr2FomYq4jUBqkA2U30
 MC1Z2W++I0TI3wsVUBErKFpQyZPEiCyI9R6KAeUlXmYGKzgKrabau4NnbWFiMazztbEZ
 h8gVIbyos8C+7+GxnvksCcCzJalwcYqSu2tvzZTAta76kdo3BOk1edlupstYcv2c0bW3
 QvJOKW+nt1BeywZuT6VRyUXrmPm9xfa2UbvjsEbxyFt1iscMJQjVTiQo6FpPxfgyVP6P
 l0dVUf+C4AriGKGWu69XAaPM5mvkrlgptqinp4rHkaott9G9P5/4wVTQvJBKIiID5bXS
 VDkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=umbiIBoVN+LLl44AiBUABJpea5RTugbhPtVK0UhrVJo=;
 b=Mguz7I7/8pjc/41raRVKB+3Gr36NGVGppb48NfQ5EgMslludV69Rckysbmxw1gue5z
 9b2gu9970c83MPUxt8KGvOMTR8CH6KyjkR8srVQu7RWnPbBBvhmL50wwqBuzug8+ZeIM
 VWjt574W69OuJ1KRFVE/ANLuQfSDa1lXl/ygUftwRRn0dywkXInSZJbA8SAYWtD38eRh
 8j468AsnQOhH2rOimGXiJo11N2qo0xdBi2Wg2hw/hFHrMlmUlGkm72cX9mFTGiSHw5Mo
 eD93y3dJDxZI8Jk5GVUzA3GFdkblXo+dWYrKS0hV+uVPH72DIERTM4+GsmbYH55Mp5cC
 mu+w==
X-Gm-Message-State: APjAAAXVwAKOznQczCMzl/JZyhL7Lj5/3YooqeH4kA3cYERdu0TgEGrk
 ff7ANTYfBhPTCpq4AxAeq+9zVncCUzHygyO/mac=
X-Google-Smtp-Source: APXvYqyl2AfKoz9M6JY8FIoVh5Kb3E/THoxCnnZg2zxn2jmpQgMfjFKLHIZN9P1vTvmH04fIV8FUB93YpXV2XqZMBw4=
X-Received: by 2002:a05:6102:4a1:: with SMTP id
 r1mr11874332vsa.53.1580607982711; 
 Sat, 01 Feb 2020 17:46:22 -0800 (PST)
MIME-Version: 1.0
References: <4584E3BE-F412-4902-AFB9-CAE88D660ED1@googlemail.com>
 <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
In-Reply-To: <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
From: Ben Woods <woodsb02@gmail.com>
Date: Sun, 2 Feb 2020 09:46:11 +0800
Message-ID: <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: Gordon Bergling <gbergling@googlemail.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>, 
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
X-Rspamd-Queue-Id: 489DMN02vYz4KYJ
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=OkSiUrMd;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of woodsb02@gmail.com designates
 2607:f8b0:4864:20::e29 as permitted sender) smtp.mailfrom=woodsb02@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[];
 RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[9.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; 
 IP_SCORE(0.00)[ip: (-9.57), ipnet: 2607:f8b0::/32(-2.00), asn: 15169(-1.76),
 country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 FREEMAIL_CC(0.00)[googlemail.com]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 01:46:25 -0000

On Sun, 2 Feb 2020 at 03:05, Rodney W. Grimes <freebsd-rwg@gndrsh.dnsmgr.net>
wrote:

> c) The default for home directories in all the BSD's I looked at
>    are 755.
>
> d) All distributions I looked at ship /root as 755.  This would be
>    FreeBSD as the odd man out.
>

I just spun up a few other BSD's to check this, and found the following for
/root permissions:

DragonFlyBSD 5.6.2 = 700
HardenedBSD build 104 = 755
NetBSD 9.0 RC1 = 755
OpenBSD 6.6 = 700

For what it's worth, I am broadly supportive of this because I see no
reason for /root to be world readable.

Given this change only affects new installations, I think the
"astonishment" can be reduced by including an entry in the release notes.

Regards,
Ben

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 12:58:33 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 587E322DD2E
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 12:58:33 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 489WGw1Tc1z477T
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 12:58:31 +0000 (UTC)
 (envelope-from slw@zxy.spb.ru)
Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD))
 (envelope-from <slw@zxy.spb.ru>) id 1iyEpS-0008xH-SB
 for freebsd-hackers@freebsd.org; Sun, 02 Feb 2020 15:58:22 +0300
Date: Sun, 2 Feb 2020 15:58:22 +0300
From: Slawa Olhovchenkov <slw@zxy.spb.ru>
To: freebsd-hackers@freebsd.org
Subject: HWPMC trouble
Message-ID: <20200202125822.GB8028@zxy.spb.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: slw@zxy.spb.ru
X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false
X-Rspamd-Queue-Id: 489WGw1Tc1z477T
X-Spamd-Bar: ++++
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of slw@zxy.spb.ru has no SPF policy when
 checking 195.70.199.98) smtp.mailfrom=slw@zxy.spb.ru
X-Spamd-Result: default: False [4.89 / 15.00]; ARC_NA(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 IP_SCORE(0.08)[asn: 5495(0.40), country: RU(0.01)];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 DMARC_NA(0.00)[zxy.spb.ru]; AUTH_NA(1.00)[];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_MEDIUM(0.90)[0.905,0];
 MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_LONG(1.00)[0.999,0];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 INTRODUCTION(2.00)[];
 ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_LAST(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 12:58:33 -0000

I am try use hwpmc on this hardware:

CPU: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz (3066.83-MHz K8-class CPU)
hwpmc: SOFT/16/64/0x67<INT,USR,SYS,REA,WRI> TSC/1/64/0x20<REA> IAP/4/48/0x3ff<INT,USR,SYS,EDG,THR,REA,WRI,INV,QUA,PRC> IAF/3/48/0x67<INT,USR,SYS,REA,WRI> UCP/8/48/0x3f8<EDG,THR,REA,WRI,INV,QUA,PRC> UCF/1/48/0x60<REA,WRI>

I am have some troubles:

1. I am try to discover hotspots in userland code run on 4th CPU:

# pmcstat -c 4 -l 4 -S cpu_clk_unhalted.thread -O sample.out
# ls -l sample.out
-rw-r--r--  1 root  wheel  70480 Feb  2 15:46 sample.out

Too small!

# pmcstat -R sample.out -z100 -G out.txt
CONVERSION STATISTICS:
 #samples/total                           564
 #callchain/dubious-frames                551
# head -30 out.txt 
@ cpu_clk_unhalted.thread [13 samples]

23.08%  [3]        em_update_stats_counters @ /boot/kernel/kernel
 100.0%  [3]         em_if_update_admin_status
  100.0%  [3]          _task_fn_admin
   100.0%  [3]           gtaskqueue_run_locked
    100.0%  [3]            gtaskqueue_thread_loop
     100.0%  [3]             fork_exit

15.38%  [2]        spinlock_exit @ /boot/kernel/kernel
 50.00%  [1]         spinlock_exit
  100.0%  [1]          wakeup_any
   100.0%  [1]           grouptaskqueue_enqueue
    100.0%  [1]            iflib_timer
     100.0%  [1]             softclock_call_cc
      100.0%  [1]              softclock
       100.0%  [1]               ithread_loop
        100.0%  [1]                fork_exit
 50.00%  [1]         cpuctl_do_msr @ /boot/kernel/cpuctl.ko
  100.0%  [1]          devfs_ioctl @ /boot/kernel/kernel
   100.0%  [1]           VOP_IOCTL_APV
    100.0%  [1]            vn_ioctl
     100.0%  [1]             devfs_ioctl_f
      100.0%  [1]              kern_ioctl
       100.0%  [1]               sys_ioctl
        100.0%  [1]                amd64_syscall



I am don't see any actual code path.
In reality `top` show:

CPU 4:   100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle

Where all samples from userland?

2. I am try to discover mostly memory touch codeptah:

# pmcstat -l 4 -S mem_load_retired.llc_miss -O sample.out
# ls -l sample.out
-rw-r--r--  1 root  wheel  235896 Feb  2 15:51 sample.out
# pmcstat -R sample.out
initlog   0x9030000 "INTEL_WESTMERE"
allocate  0x711 "mem_load_retired.llc_miss" 0x20080
allocate  0x100711 "mem_load_retired.llc_miss" 0x20080
allocate  0x200711 "mem_load_retired.llc_miss" 0x20080
allocate  0x300711 "mem_load_retired.llc_miss" 0x20080
allocate  0x400711 "mem_load_retired.llc_miss" 0x20080
allocate  0x500711 "mem_load_retired.llc_miss" 0x20080
allocate  0x600711 "mem_load_retired.llc_miss" 0x20080
allocate  0x700711 "mem_load_retired.llc_miss" 0x20080
allocate  0x800711 "mem_load_retired.llc_miss" 0x20080
allocate  0x900711 "mem_load_retired.llc_miss" 0x20080
allocate  0xa00711 "mem_load_retired.llc_miss" 0x20080
allocate  0xb00711 "mem_load_retired.llc_miss" 0x20080
unknown event (type 20).
unknown event (type 18).
unknown event (type 20).
unknown event (type 18).
unknown event (type 20).
....
unknown event (type 18).
map-in    -1 0xffffffff80200000 "kernel"
map-in    -1 0xffffffff82471000 "xhci.ko"
...

# pmcstat -R sample.out -z100 -G out.txt
CONVERSION STATISTICS:
 #samples/total                           27

# less out.txt 
@ mem_load_retired.llc_miss [27 samples]

81.48%  [22]       native_lapic_ipi_raw @ /boot/kernel/kernel
 100.0%  [22]        sched_add
  100.0%  [22]         setrunnable
   100.0%  [22]          sleepq_signal
    100.0%  [22]           wakeup_any
     100.0%  [22]            grouptaskqueue_enqueue
      100.0%  [22]             iflib_fast_intr
       100.0%  [22]              intr_event_handle
        100.0%  [22]               intr_execute_handlers
         100.0%  [22]                lapic_handle_intr

14.81%  [4]        lapic_handle_intr @ /boot/kernel/kernel

03.70%  [1]        sched_clock @ /boot/kernel/kernel
 100.0%  [1]         statclock
  100.0%  [1]          handleevents
   100.0%  [1]           timercb
    100.0%  [1]            lapic_handle_timer


Where all userland? `pcm.x` output:

 EXEC  : instructions per nominal CPU cycle
 IPC   : instructions per CPU cycle
 FREQ  : relation to nominal CPU frequency='unhalted clock ticks'/'invariant timer ticks' (includes Intel Turbo Boost)
 AFREQ : relation to nominal CPU frequency while in active state (not in power-saving C state)='unhalted clock ticks'/'invariant timer ticks while in C0-state'  (includes Intel Turbo Boost)
 L3MISS: L3 (read) cache misses 
 L2MISS: L2 (read) cache misses (including other core's L2 cache *hits*) 
 L3HIT : L3 (read) cache hit ratio (0.00-1.00)
 L2HIT : L2 cache hit ratio (0.00-1.00)
 L3MPI : number of L3 (read) cache misses per instruction
 L2MPI : number of L2 (read) cache misses per instruction
 READ  : bytes read from main memory controller (in GBytes)
 WRITE : bytes written to main memory controller (in GBytes)
 TEMP  : Temperature reading in 1 degree Celsius relative to the TjMax temperature (thermal headroom): 0 corresponds to the max temperature
 energy: Energy in Joules


 Core (SKT) | EXEC | IPC  | FREQ  | AFREQ | L3MISS | L2MISS | L3HIT | L2HIT | L3MPI | L2MPI |  TEMP

   0    0     0.70   0.64   1.09    1.09      14 M     20 M    0.31    0.26    0.01    0.01     24
   1    0     0.89   0.81   1.09    1.09    3084 K     17 M    0.83    0.31    0.00    0.01     24
   2    0     0.97   0.89   1.09    1.09      17 M     25 M    0.30    0.39    0.01    0.01     28
   3    0     0.01   0.20   0.04    1.09      37 K    327 K    0.89    0.73    0.00    0.01     28
   4    0     0.68   0.63   1.09    1.09    7268 K   9959 K    0.27    0.13    0.00    0.00     28
   5    0     0.68   0.63   1.09    1.09    7275 K   9789 K    0.26    0.12    0.00    0.00     28
   6    0     0.68   0.63   1.09    1.09    7271 K     10 M    0.28    0.11    0.00    0.00     24
   7    0     0.68   0.62   1.09    1.09    7269 K   9761 K    0.26    0.11    0.00    0.00     24
   8    0     0.65   0.60   1.09    1.09    7265 K     10 M    0.29    0.18    0.00    0.01     23
   9    0     0.68   0.62   1.09    1.09    7270 K     10 M    0.28    0.17    0.00    0.00     23
  10    0     0.65   0.60   1.09    1.09    7272 K     10 M    0.28    0.18    0.00    0.01     26
  11    0     0.67   0.62   1.09    1.09    7283 K   9946 K    0.27    0.18    0.00    0.00     26
---------------------------------------------------------------------------------------------------------------
 SKT    0     0.66   0.66   1.00    1.09      93 M    143 M    0.35    0.24    0.00    0.01     N/A
---------------------------------------------------------------------------------------------------------------
 TOTAL  *     0.66   0.66   1.00    1.09      93 M    143 M    0.35    0.24    0.00    0.01     N/A

 Instructions retired:   24 G ; Active cycles:   36 G ; Time (TSC): 3069 Mticks ; C0 (active,non-halted) core residency: 92.01 %

 C1 core residency: 7.99 %; C3 core residency: 0.00 %; C6 core residency: 0.00 %;
 C3 package residency: 0.00 %; C6 package residency: 0.00 %; C7 package residency: 0.00 %;

 PHYSICAL CORE IPC                 : 1.32 => corresponds to 33.07 % utilization for cores in active state
 Instructions per nominal CPU cycle: 1.32 => corresponds to 33.07 % core utilization over time interval
 SMI count: 0
---------------------------------------------------------------------------------------------------------------
MEM (GB)->|  READ |  WRITE |
---------------------------------------------------------------------------------------------------------------
 SKT   0     7.36     5.04                   
---------------------------------------------------------------------------------------------------------------

I.e I am got 7.2M LLC miss in reality and don't collect any.

What I am miss?


From owner-freebsd-hackers@freebsd.org  Sun Feb  2 13:44:01 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7B1F522E8DC
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 13:44:01 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: from mail-vs1-xe41.google.com (mail-vs1-xe41.google.com
 [IPv6:2607:f8b0:4864:20::e41])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 489XHN37Glz48jg
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 13:44:00 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: by mail-vs1-xe41.google.com with SMTP id k188so7239441vsc.8
 for <freebsd-hackers@freebsd.org>; Sun, 02 Feb 2020 05:44:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=p9VB9hsS3vLUUEJEf+sf5ISPWbZ/ZTBEHuAxd55KYRY=;
 b=IhEq73qJ1znUVTgMs5RU5vjv/cJeKsFRdfB9EVqqpX/6rwPl/3KQ5pZ7GRELz1e7Fj
 pgnYCBHhYmXXBuolXY2m1r61woLsPLhnlF5cnmUDkAqV3xuryL6cSeD/bQPS64zyKXn7
 iG2i/cs5BTe5161CAM26zHbOjUkJvey9ojTOL51JNebA3UT3h5gDIgaAFURQVS8vK+M2
 N9m9BOoz7ONp3afaw8avGagH24HvxvtL388Mj3EpLOlYP4/GYCnSl44QFxrxiUuSTqwo
 eQlvtddnx2GNc++Ap357Vai1aJIqTFSMNEj2JHFbF1NJArAvtP6J7Je1jMPWtgi0d03X
 ++qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=p9VB9hsS3vLUUEJEf+sf5ISPWbZ/ZTBEHuAxd55KYRY=;
 b=JmsHuWQk04WJ6/5w1Lr/WbXzZd1F/Erqx4pt2UBv4IOQef1KvchLCIYtWRXkul8R4F
 06wPLyOmmkl7VAOF8GLtMabn42pFYxxJMdOx4z+4HDCEnYzzPCLIMr0mbgrNDaH0R5Pr
 BhttstwJ/VI/mk9dCECPuE381HPYd16eBRVgAHOnJtoFWmujyYxUMs+UKKruaNBNArSW
 r14dOfdrIr4G6Tp595rFWNks3Yj7iZ05GOOI/a7IqNSen3B7l6S/dEryG56GcoILV7Q+
 V9TWoOSCotLfUN+NyHQlnrLkMglClF1KXqXpO9+fiNn29LfB5FaMbNzwRAotxt56j+ca
 Yb0Q==
X-Gm-Message-State: APjAAAXng9pRvBn5zjZ4HTQhJLnE34w5zlgrELsJbjgepy9zN37rZci+
 rkTS+Sa/03ppnC1tm+EGE2Ps7T2Oz8KSFD03LD0=
X-Google-Smtp-Source: APXvYqwlfWXzfuKMf6tvB8tlIzqsYM9rgBMG8F69KuIev/yXCnkW6c1lvGhNUuRSXMI462E8cPQGSwMH5iIBAmSa69s=
X-Received: by 2002:a67:be13:: with SMTP id x19mr12062403vsq.20.1580651039123; 
 Sun, 02 Feb 2020 05:43:59 -0800 (PST)
MIME-Version: 1.0
References: <4584E3BE-F412-4902-AFB9-CAE88D660ED1@googlemail.com>
 <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
 <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
In-Reply-To: <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
From: Ben Woods <woodsb02@gmail.com>
Date: Sun, 2 Feb 2020 21:43:44 +0800
Message-ID: <CAOc73CCXKKLos9+TQeD8EFMH8RAinRZmc6pVC4Onkoo8WvCSYA@mail.gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: Gordon Bergling <gbergling@googlemail.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>, 
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
X-Rspamd-Queue-Id: 489XHN37Glz48jg
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=IhEq73qJ;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of woodsb02@gmail.com designates
 2607:f8b0:4864:20::e41 as permitted sender) smtp.mailfrom=woodsb02@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_TWO(0.00)[2];
 RCPT_COUNT_FIVE(0.00)[5]; IP_SCORE_FREEMAIL(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[1.4.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; 
 IP_SCORE(0.00)[ip: (2.55), ipnet: 2607:f8b0::/32(-2.00), asn: 15169(-1.76),
 country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 FREEMAIL_CC(0.00)[googlemail.com]; RCVD_TLS_ALL(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 13:44:01 -0000

On Sun, 2 Feb 2020 at 09:46, Ben Woods <woodsb02@gmail.com> wrote:

> On Sun, 2 Feb 2020 at 03:05, Rodney W. Grimes <
> freebsd-rwg@gndrsh.dnsmgr.net> wrote:
>
>> c) The default for home directories in all the BSD's I looked at
>>    are 755.
>>
>> d) All distributions I looked at ship /root as 755.  This would be
>>    FreeBSD as the odd man out.
>>
>
> I just spun up a few other BSD's to check this, and found the following
> for /root permissions:
>
> DragonFlyBSD 5.6.2 = 700
> HardenedBSD build 104 = 755
> NetBSD 9.0 RC1 = 755
> OpenBSD 6.6 = 700
>

In case anyone is interested, I have also had a look at a few popular Linux
distributions, and found the following for /root permissions:

ArchLinux 2020.02.01 = 700
CentOS 8 = 550
Debian 10 = 700
Fedora 31 = 550
Slackware 14.2 = 710
Ubuntu 19.10 = 700

Regards,
Ben

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 13:58:14 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A787C22EED6
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 13:58:14 +0000 (UTC)
 (envelope-from SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 489Xbn5l8pz49Jk
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 13:58:13 +0000 (UTC)
 (envelope-from SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (localhost [127.0.0.1])
 by elsa.codelab.cz (Postfix) with ESMTP id 2FBE728417;
 Sun,  2 Feb 2020 14:58:11 +0100 (CET)
Received: from illbsd.quip.test (ip-62-24-92-232.net.upcbroadband.cz
 [62.24.92.232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by elsa.codelab.cz (Postfix) with ESMTPSA id 47D2A28429;
 Sun,  2 Feb 2020 14:58:09 +0100 (CET)
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: Ben Woods <woodsb02@gmail.com>,
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Gordon Bergling <gbergling@googlemail.com>, Ryan Stone <rysto32@gmail.com>,
 Wojciech Puchar <wojtek@puchar.net>
References: <4584E3BE-F412-4902-AFB9-CAE88D660ED1@googlemail.com>
 <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
 <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
From: Miroslav Lachman <000.fbsd@quip.cz>
Message-ID: <616e8222-a377-fdf0-bf55-79e73a509065@quip.cz>
Date: Sun, 2 Feb 2020 14:58:09 +0100
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Firefox/52.0 SeaMonkey/2.49.3
MIME-Version: 1.0
In-Reply-To: <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 489Xbn5l8pz49Jk
X-Spamd-Bar: +++
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of
 SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz has no SPF policy when checking
 94.124.105.4) smtp.mailfrom=SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz
X-Spamd-Result: default: False [3.68 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 IP_SCORE(0.86)[ip: (0.34), ipnet: 94.124.104.0/21(0.17), asn: 42000(3.69),
 country: CZ(0.09)]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[quip.cz];
 AUTH_NA(1.00)[]; RCPT_COUNT_FIVE(0.00)[6];
 RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 TO_DN_ALL(0.00)[]; NEURAL_SPAM_MEDIUM(0.62)[0.623,0];
 NEURAL_SPAM_LONG(1.00)[0.999,0];
 RCVD_IN_DNSWL_NONE(0.00)[4.105.124.94.list.dnswl.org : 127.0.10.0];
 R_SPF_NA(0.00)[];
 FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz];
 FREEMAIL_TO(0.00)[gmail.com]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ];
 FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz];
 MID_RHS_MATCH_FROM(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 13:58:14 -0000

Ben Woods wrote on 2020/02/02 02:46:

[...]
> DragonFlyBSD 5.6.2 = 700
> HardenedBSD build 104 = 755
> NetBSD 9.0 RC1 = 755
> OpenBSD 6.6 = 700
> 
> For what it's worth, I am broadly supportive of this because I see no
> reason for /root to be world readable.

+1

I see no reason for world readable /root too.
We always set user's homes to 0700 (subdirs of /usr/home).

Miroslav Lachman

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 14:34:07 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5DFC02301DF
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 14:34:07 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com
 [IPv6:2607:f8b0:4864:20::e31])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 489YPB1rNlz4Dvx
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 14:34:05 +0000 (UTC)
 (envelope-from woodsb02@gmail.com)
Received: by mail-vs1-xe31.google.com with SMTP id x18so7310323vsq.4
 for <freebsd-hackers@freebsd.org>; Sun, 02 Feb 2020 06:34:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=t1JyPLW9MTQ2/7pQ7jLUBHV22T2LsS3BvYtJ+hbOUsI=;
 b=VwG5fAbgouuTTJ0a56x++O7x/iBC2tZt1OpgwVuHLzuaXqbbddzIKsj66t08lDxEQk
 D0xlILnuNvz/N8DtKzK/GppyuAt1174aIQvJfvwcQ4YQSV/LgU7zGB03Z9y0tA957ItP
 rfrHH51uAtYReUHuXlBdHlO14wVMuZNvRxaJf1VInRHFPH0Z8oSzXoCjSmhonc+SHF+8
 kJSzYXtPftgJX6Rs+LBIklQxnCuGJU0B1Ihg2GqCXvN4ZUzBNAd5CziTOW96COSlEwHu
 OiUOt6+XmpSGxCMSNz9o9nfCLIlo3Tyyi7/14oYszEX6krj/0L8Wx8aEa5FeOXt1H4JF
 MVFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=t1JyPLW9MTQ2/7pQ7jLUBHV22T2LsS3BvYtJ+hbOUsI=;
 b=Di/r4ermGNY9r8aeQUkFxPCkconU+CNWqhaWOb9Gn3fq0AE7fMA/Mv9JnO37f/A+X1
 R3SHts4MUgX2wVe/O0dMqvFf0IO7lqs1wkwazucW+xv2eyv3HBhvXA3ll/DiEH4GkmOi
 mokJIMZxQuIn+fTwJLida09BObT+PPbZVtB5rH9e4KYkksQ83HPRzlc0WtbnVrZGZWa/
 pzcwemLGcSjngADkAzAX3KZuiYd+jN729ygNPtNcURH94O1s5A6E2twA8aG9WdrmhYf1
 Vu+9afKOw0vmfETXMYhnAzQ8ssOvcYO1LRu5qfP25ILUv0/i3Y4kDt/8AlrfHq3NPn/2
 CAIw==
X-Gm-Message-State: APjAAAXa7v+XHuQHo4deUR6VNhfDdeDzfhC+XNI/NkDjH1L1YUDjcEy2
 k8AJw1DwB8AFjDLXFeMsaCX2lSb2UfvNt4Vjv5A=
X-Google-Smtp-Source: APXvYqz++juUAdPsTlyFsJmvStFZozPoloWGlQ3UxtFfOaBEwaBeB5iSroNlXd8/EUOyu6a9JwZ9t0iwP1mDATsMUwM=
X-Received: by 2002:a67:be13:: with SMTP id x19mr12160383vsq.20.1580654045099; 
 Sun, 02 Feb 2020 06:34:05 -0800 (PST)
MIME-Version: 1.0
References: <4584E3BE-F412-4902-AFB9-CAE88D660ED1@googlemail.com>
 <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
 <CAOc73CCYfbLvY+egqWruGbP86h_jLryTDvFQ6d4F4_RGQ+mUxw@mail.gmail.com>
 <CAOc73CCXKKLos9+TQeD8EFMH8RAinRZmc6pVC4Onkoo8WvCSYA@mail.gmail.com>
In-Reply-To: <CAOc73CCXKKLos9+TQeD8EFMH8RAinRZmc6pVC4Onkoo8WvCSYA@mail.gmail.com>
From: Ben Woods <woodsb02@gmail.com>
Date: Sun, 2 Feb 2020 22:33:53 +0800
Message-ID: <CAOc73CALE+WQViyYLcCxeGs5NEt4_sC-VH8q_+Vhx2i23j6YwQ@mail.gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: Gordon Bergling <gbergling@googlemail.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>, 
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
X-Rspamd-Queue-Id: 489YPB1rNlz4Dvx
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=VwG5fAbg;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of woodsb02@gmail.com designates
 2607:f8b0:4864:20::e31 as permitted sender) smtp.mailfrom=woodsb02@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_TWO(0.00)[2];
 RCPT_COUNT_FIVE(0.00)[5]; IP_SCORE_FREEMAIL(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[1.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; 
 IP_SCORE(0.00)[ip: (-9.66), ipnet: 2607:f8b0::/32(-2.00), asn: 15169(-1.76),
 country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 FREEMAIL_CC(0.00)[googlemail.com]; RCVD_TLS_ALL(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 14:34:07 -0000

On Sun, 2 Feb 2020 at 21:43, Ben Woods <woodsb02@gmail.com> wrote:

> ArchLinux 2020.02.01 = 700
>

Apologies, ArchLinux 2020.02.01 = 750.

Interestingly, the installer image has 700, whilst the installed OS has 750.

Regards,
Ben

--
From: Benjamin Woods
woodsb02@gmail.com

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 18:08:18 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 01C73235329
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 18:08:18 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 489f8J3Vfgz4SsK
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 18:08:15 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
 by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 012I8D9W083836;
 Sun, 2 Feb 2020 10:08:13 -0800 (PST)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
 by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 012I8CNm083835;
 Sun, 2 Feb 2020 10:08:12 -0800 (PST) (envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
In-Reply-To: <616e8222-a377-fdf0-bf55-79e73a509065@quip.cz>
To: Miroslav Lachman <000.fbsd@quip.cz>
Date: Sun, 2 Feb 2020 10:08:12 -0800 (PST)
CC: Ben Woods <woodsb02@gmail.com>,
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Gordon Bergling <gbergling@googlemail.com>,
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Rspamd-Queue-Id: 489f8J3Vfgz4SsK
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of freebsd-rwg@gndrsh.dnsmgr.net has no SPF
 policy when checking 69.59.192.140)
 smtp.mailfrom=freebsd-rwg@gndrsh.dnsmgr.net
X-Spamd-Result: default: False [-0.05 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.78)[-0.784,0]; FROM_HAS_DN(0.00)[];
 IP_SCORE(0.03)[ip: (0.13), ipnet: 69.59.192.0/19(0.07), asn: 13868(0.03),
 country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dnsmgr.net];
 AUTH_NA(1.00)[]; NEURAL_HAM_LONG(-0.20)[-0.199,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 RCPT_COUNT_SEVEN(0.00)[7]; R_SPF_NA(0.00)[];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US];
 FREEMAIL_CC(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 18:08:18 -0000

[ Charset UTF-8 unsupported, converting... ]
> Ben Woods wrote on 2020/02/02 02:46:
> 
> [...]
> > DragonFlyBSD 5.6.2 = 700
> > HardenedBSD build 104 = 755
> > NetBSD 9.0 RC1 = 755
> > OpenBSD 6.6 = 700
> > 
> > For what it's worth, I am broadly supportive of this because I see no
> > reason for /root to be world readable.
> 
> +1
> 
> I see no reason for world readable /root too.
> We always set user's homes to 0700 (subdirs of /usr/home).

Who is "We" in this context?

FreeBSD's default for home directories is 755.

And as I have stated before anyone who is taking group rx off
of /root is fooling themselves as that just creates pain for
members of group wheel who now needlessly need to su to
see /root's files.

If you have issues with group wheel being able to read /root
you have far far bigger problems that need addressed than
a simple chmod g-rw /root is going to fix.

-- 
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 20:42:56 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8FFBD238BDA
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 20:42:56 +0000 (UTC)
 (envelope-from tommi.pernila@gmail.com)
Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com
 [IPv6:2607:f8b0:4864:20::f2b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 489jZl4L1Sz4ctq
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 20:42:55 +0000 (UTC)
 (envelope-from tommi.pernila@gmail.com)
Received: by mail-qv1-xf2b.google.com with SMTP id z3so5911234qvn.0
 for <freebsd-hackers@freebsd.org>; Sun, 02 Feb 2020 12:42:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=Hhc8+zViUEPJP2venJzmk/sSUgf98O3b1DPpVqNIRYU=;
 b=Aw5uVO/z5y2AbsLKYLl2y5kCYg3wyx0wKK7oarKnzGN6ItOBd8Ba1AQo5Hinj+8yIQ
 02t4Mq/Aao0XjV9uVp9QQapcYNTp5yEnI4bHPMMaFlhNJuYwyCed9fiFUylxq1ZndVMF
 9n1Txr7tWz0/nypLTyZNTpKH8NiCFR0Ua+CEirkgVW/wyjV2+VawghVnykqXxNtEumeZ
 VTaC2Kh87fP7iHWYIKx87+ofsSd6rimbZ1bRXDEOqaPNZ1yixAz1SWIFDGPIp2tvQ1tD
 pgWIER6w+SYDfn3/NYbsjNNwO+pbrLA76RDBjitALC3VKfs89i+rbY4ATjqkYbXNt5Ju
 GIoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=Hhc8+zViUEPJP2venJzmk/sSUgf98O3b1DPpVqNIRYU=;
 b=cKELCMsiXlbwnKDenhYo5D52sYsiShq3dHUQJjRf9+lvR1IzYe9ku5ai4RT3M5yBMs
 JiOP2qQIqLZIbUsxguo/n84DMp+T1YbpqFR6WatJvbzobNjTrSOLKqbAGgW/SgxPzQFh
 3PKtoaor1ZGCnPuN4BWOVG97jhLYq3tHauRq2I02XOVRZngXT0WTQuqdLIKiKWqLXfmT
 2lDZuxLV4ZXBIdPf8cjCBMcY6wL1fZN66x/Sv60qUh8knSdySoe+zePr3pJg+MT/3Rl1
 aQHXwr6dQvswrOYhROCCXCWvPatRxmMGhy+W9c/d2Eae97qX74YQGPZPxkFFDlqgmf2F
 mbQg==
X-Gm-Message-State: APjAAAUsKja+RFLJo/ZC6x5XS/WSfdxDeVlWiYC3cz388gOM7x3CA9XN
 IgJUh4v+d/TrabzffzyUPS5xcfjRC/uyLOyzXzY=
X-Google-Smtp-Source: APXvYqxM9Gk76oMH2gEIWgQ27PuUMxeAkgHfJqwLzEUTBd3VU48OF+e0AVn3auu8XMLwtI+5DkjjzHq/48puEkYY3XI=
X-Received: by 2002:a0c:edc3:: with SMTP id i3mr20275020qvr.29.1580676168703; 
 Sun, 02 Feb 2020 12:42:48 -0800 (PST)
MIME-Version: 1.0
References: <616e8222-a377-fdf0-bf55-79e73a509065@quip.cz>
 <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
In-Reply-To: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
From: Tommi Pernila <tommi.pernila@gmail.com>
Date: Sun, 2 Feb 2020 22:42:37 +0200
Message-ID: <CABHD1wTK1TUhEjL5-J_j3GAFoMevHRnt4UrKTN4zoxgGOCOmjg@mail.gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: Ben Woods <woodsb02@gmail.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>, 
 Gordon Bergling <gbergling@googlemail.com>, Miroslav Lachman <000.fbsd@quip.cz>,
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
X-Rspamd-Queue-Id: 489jZl4L1Sz4ctq
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=Aw5uVO/z;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of tommipernila@gmail.com designates
 2607:f8b0:4864:20::f2b as permitted sender)
 smtp.mailfrom=tommipernila@gmail.com
X-Spamd-Result: default: False [-2.00 / 15.00];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCPT_COUNT_SEVEN(0.00)[7]; FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(0.00)[ip: (-4.08), ipnet: 2607:f8b0::/32(-2.00), asn: 15169(-1.76),
 country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 TAGGED_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 FREEMAIL_CC(0.00)[gmail.com]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 20:42:56 -0000

On Sun 2. Feb 2020 at 20.08, Rodney W. Grimes <freebsd-rwg@gndrsh.dnsmgr.net>
wrote:

> [ Charset UTF-8 unsupported, converting... ]
> > Ben Woods wrote on 2020/02/02 02:46:
> >
> > [...]
> > > DragonFlyBSD 5.6.2 = 700
> > > HardenedBSD build 104 = 755
> > > NetBSD 9.0 RC1 = 755
> > > OpenBSD 6.6 = 700
> > >
> > > For what it's worth, I am broadly supportive of this because I see no
> > > reason for /root to be world readable.
> >
> > +1
> >
> > I see no reason for world readable /root too.
> > We always set user's homes to 0700 (subdirs of /usr/home).
>
> Who is "We" in this context?
>
> FreeBSD's default for home directories is 755.
>
> And as I have stated before anyone who is taking group rx off
> of /root is fooling themselves as that just creates pain for
> members of group wheel who now needlessly need to su to
> see /root's files.
>
> If you have issues with group wheel being able to read /root
> you have far far bigger problems that need addressed than
> a simple chmod g-rw /root is going to fix.
>

700 for /root has it's place but i think it is a POLA violation.

I'm guessing that the majority here can agree that 755 is bit too broad?

750 should not create any problems and would be a good compromise.

-T


> --
> Rod Grimes
> rgrimes@freebsd.org
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

From owner-freebsd-hackers@freebsd.org  Sun Feb  2 21:03:51 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E69E023AEDB
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sun,  2 Feb 2020 21:03:51 +0000 (UTC)
 (envelope-from SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 489k2t6R74z3CH8
 for <freebsd-hackers@freebsd.org>; Sun,  2 Feb 2020 21:03:50 +0000 (UTC)
 (envelope-from SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (localhost [127.0.0.1])
 by elsa.codelab.cz (Postfix) with ESMTP id B907A28426;
 Sun,  2 Feb 2020 22:03:47 +0100 (CET)
Received: from illbsd.quip.test (ip-62-24-92-232.net.upcbroadband.cz
 [62.24.92.232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by elsa.codelab.cz (Postfix) with ESMTPSA id A4F8528416;
 Sun,  2 Feb 2020 22:03:46 +0100 (CET)
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Ben Woods <woodsb02@gmail.com>
References: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
From: Miroslav Lachman <000.fbsd@quip.cz>
Message-ID: <26276f97-e2c5-eeca-5445-45f2ce2b4dec@quip.cz>
Date: Sun, 2 Feb 2020 22:03:46 +0100
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Firefox/52.0 SeaMonkey/2.49.3
MIME-Version: 1.0
In-Reply-To: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 489k2t6R74z3CH8
X-Spamd-Bar: +++
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of
 SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz has no SPF policy when checking
 94.124.105.4) smtp.mailfrom=SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz
X-Spamd-Result: default: False [3.60 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3];
 IP_SCORE(0.86)[ip: (0.34), ipnet: 94.124.104.0/21(0.17), asn: 42000(3.69),
 country: CZ(0.09)]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[quip.cz];
 AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.54)[0.541,0];
 RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 TO_DN_ALL(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.998,0];
 RCVD_IN_DNSWL_NONE(0.00)[4.105.124.94.list.dnswl.org : 127.0.10.0];
 R_SPF_NA(0.00)[];
 FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ];
 FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=tzhe=3W=quip.cz=000.fbsd@elsa.codelab.cz];
 MID_RHS_MATCH_FROM(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Feb 2020 21:03:52 -0000

Rodney W. Grimes wrote on 2020/02/02 19:08:
> [ Charset UTF-8 unsupported, converting... ]
>> Ben Woods wrote on 2020/02/02 02:46:
>>
>> [...]
>>> DragonFlyBSD 5.6.2 = 700
>>> HardenedBSD build 104 = 755
>>> NetBSD 9.0 RC1 = 755
>>> OpenBSD 6.6 = 700
>>>
>>> For what it's worth, I am broadly supportive of this because I see no
>>> reason for /root to be world readable.
>>
>> +1
>>
>> I see no reason for world readable /root too.
>> We always set user's homes to 0700 (subdirs of /usr/home).
> 
> Who is "We" in this context?

Our sysadmin team at work.

> FreeBSD's default for home directories is 755.
> 
> And as I have stated before anyone who is taking group rx off
> of /root is fooling themselves as that just creates pain for
> members of group wheel who now needlessly need to su to
> see /root's files.

Read it again. 700 for homedirs under /usr/home. I am not talking about 
700 for /root, just that I see no reason to world readable /root.

Kind reagards
Miroslav Lachman

From owner-freebsd-hackers@freebsd.org  Mon Feb  3 14:00:07 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7DC3F24D676
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Mon,  3 Feb 2020 14:00:07 +0000 (UTC)
 (envelope-from wojtek@puchar.net)
Received: from puchar.net (puchar.net [194.1.144.90])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48B8bV1vs2z4bJY
 for <freebsd-hackers@freebsd.org>; Mon,  3 Feb 2020 14:00:05 +0000 (UTC)
 (envelope-from wojtek@puchar.net)
Received: Received: from 127.0.0.1 (localhost [127.0.0.1])
 by puchar.net (8.15.2/8.15.2) with ESMTPS id 013DxvMg071554
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Mon, 3 Feb 2020 14:59:58 +0100 (CET)
 (envelope-from puchar-wojtek@puchar.net)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=puchar.net;
 s=default; t=1580738398;
 bh=apOXwIO+DP8Z8oDXKGypNDN4K6tXBdc4ly0iR5Qekew=;
 h=Date:From:To:cc:Subject:In-Reply-To:References;
 b=m/ZR0HFa8GsqUq5shU/j+eSP1Mk/G+foub3jZAeDEhXA2gbD8CWkZ1znpMle8SGNs
 b9ceJdy58habrcTP1SVbjz51fOlcniZ2CApDnrEr2fE1BAK+NFJID2Kn4++pqp2mL5
 cOl2OrAIO/mKfAAbRkSWeVHCbJg7wzEhDNomXIH0=
Received: from localhost (puchar-wojtek@localhost)
 by puchar.net (8.15.2/8.15.2/Submit) with ESMTP id 013Dxvkw071551;
 Mon, 3 Feb 2020 14:59:57 +0100 (CET)
 (envelope-from puchar-wojtek@puchar.net)
Date: Mon, 3 Feb 2020 14:59:57 +0100 (CET)
From: Wojciech Puchar <wojtek@puchar.net>
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
cc: Gordon Bergling <gbergling@googlemail.com>,
 Wojciech Puchar <wojtek@puchar.net>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Ryan Stone <rysto32@gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
In-Reply-To: <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
Message-ID: <alpine.BSF.2.20.2002031458290.69078@puchar.net>
References: <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-Rspamd-Queue-Id: 48B8bV1vs2z4bJY
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=fail (rsa verify failed) header.d=puchar.net header.s=default
 header.b=m/ZR0HFa; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of wojtek@puchar.net designates 194.1.144.90
 as permitted sender) smtp.mailfrom=wojtek@puchar.net
X-Spamd-Result: default: False [-3.87 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx];
 R_DKIM_REJECT(1.00)[puchar.net:s=default];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[puchar.net];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_FIVE(0.00)[5];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 DKIM_TRACE(0.00)[puchar.net:-];
 RCVD_IN_DNSWL_NONE(0.00)[90.144.1.194.list.dnswl.org : 127.0.10.0];
 IP_SCORE(-2.57)[ip: (-6.81), ipnet: 194.1.144.0/24(-3.41), asn: 43476(-2.72),
 country: PL(0.06)]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:43476, ipnet:194.1.144.0/24, country:PL];
 FREEMAIL_CC(0.00)[googlemail.com]; MID_RHS_MATCH_FROM(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 14:00:07 -0000

>
> I still can not support that as a change:
> a) It has been 755 for 26 years on FreeBSD and also as long as
>   I can remeber (aka v4 research).  Changing it would be a POLA
>   violation.

so if it was wrong for so long, let keep it wrong.

>
> b) No known security flaw has been shown other than user error.

so simply set all files to 777. it's user error forgetting to change it to 
something else.

>
> c) The default for home directories in all the BSD's I looked at
>   are 755.

Not true.

From owner-freebsd-hackers@freebsd.org  Mon Feb  3 15:40:39 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AAD0D24F24A
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Mon,  3 Feb 2020 15:40:39 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48BBqV0rqsz3DGr
 for <freebsd-hackers@freebsd.org>; Mon,  3 Feb 2020 15:40:37 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
 by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 013FeUdO088222;
 Mon, 3 Feb 2020 07:40:30 -0800 (PST)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
 by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 013FeU0T088221;
 Mon, 3 Feb 2020 07:40:30 -0800 (PST) (envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <202002031540.013FeU0T088221@gndrsh.dnsmgr.net>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
In-Reply-To: <alpine.BSF.2.20.2002031458290.69078@puchar.net>
To: Wojciech Puchar <wojtek@puchar.net>
Date: Mon, 3 Feb 2020 07:40:30 -0800 (PST)
CC: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 Gordon Bergling <gbergling@googlemail.com>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Ryan Stone <rysto32@gmail.com>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Rspamd-Queue-Id: 48BBqV0rqsz3DGr
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of freebsd-rwg@gndrsh.dnsmgr.net has no SPF
 policy when checking 69.59.192.140)
 smtp.mailfrom=freebsd-rwg@gndrsh.dnsmgr.net
X-Spamd-Result: default: False [-0.50 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.93)[-0.925,0]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-0.51)[-0.514,0]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dnsmgr.net];
 AUTH_NA(1.00)[]; RCPT_COUNT_FIVE(0.00)[5];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 IP_SCORE(0.03)[ip: (0.13), ipnet: 69.59.192.0/19(0.07), asn: 13868(0.03),
 country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 15:40:39 -0000

> >
> > I still can not support that as a change:
> > a) It has been 755 for 26 years on FreeBSD and also as long as
> >   I can remeber (aka v4 research).  Changing it would be a POLA
> >   violation.
> 
> so if it was wrong for so long, let keep it wrong.

No one has demonstrated that it is "wrong", only that
they claim common sense says it should be 700, which has been
arguable demonstrated as wrong by the fact this needlessly removes
access by group wheel members.

> 
> >
> > b) No known security flaw has been shown other than user error.
> 
> so simply set all files to 777. it's user error forgetting to change it to 
> something else.

That has repeatedly been demonstrated to have security implications,
why use such statements in a technical dispute?

> >
> > c) The default for home directories in all the BSD's I looked at
> >   are 755.
> 
> Not true.

That has been corrected by others, and I conced that some others
have done 700 /root, probably with the same type of justification
as is being attempted here and without good solid reasoning.


This is a POLICY issue and sites are going to vary, why change
a long standing default just to appease some sites without a 
good solid reasoning to change said long standing default this
simply becomes change because we can change it.

Seriously I have 100's if not 1000's of tweaks I make after
installing FreeBSD to bring it inline with my POLICIES.

Others are not capable of dealing with a chmod 750 /root I am sure.
As they are tweaking adduser.conf, etc, etc.


I WOULD fully support a post bsdinstall/bsdconfig menu of
"LOCK this system down:".  Some of that has crept into
bsdinstall in the form of a "hardening menu".

-- 
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-hackers@freebsd.org  Mon Feb  3 17:11:07 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 176EE228E5D
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Mon,  3 Feb 2020 17:11:07 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48BDqs5M3zz3KDC
 for <freebsd-hackers@freebsd.org>; Mon,  3 Feb 2020 17:11:05 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id yfFTi25rzRnrKyfFUiy6w0; Mon, 03 Feb 2020 10:11:03 -0700
X-Authority-Analysis: v=2.3 cv=L7FjvNb8 c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=l697ptgUJYAA:10
 a=iKhvJSA4AAAA:8 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=PBFJiDp6MRPfyVuaXX0A:9
 a=QEXdDO2ut3YA:10 a=odh9cflL3HIXMm4fY7Wr:22 a=Ia-lj3WSrqcvXOmTRaiG:22
 a=IjZwj45LgO3ly-622nXo:22
Received: from Resas-iPad.esitwifi.local (S0106788a207e2972.gv.shawcable.net
 [70.66.154.233])
 by spqr.komquats.com (Postfix) with ESMTPSA id 699D81ED;
 Mon,  3 Feb 2020 09:10:58 -0800 (PST)
Date: Mon, 03 Feb 2020 09:10:31 -0800
User-Agent: K-9 Mail for Android
In-Reply-To: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
References: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: freebsd-hackers@freebsd.org,
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 Miroslav Lachman <000.fbsd@quip.cz>
CC: Wojciech Puchar <wojtek@puchar.net>,
 FreeBSD Hackers <freebsd-hackers@freebsd.org>,
 Gordon Bergling <gbergling@googlemail.com>, Ben Woods <woodsb02@gmail.com>,
 Ryan Stone <rysto32@gmail.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
Message-ID: <31EF8F5F-75D5-4EFB-A6DA-10C0807BF29B@cschubert.com>
X-CMAE-Envelope: MS4wfNn10gSuP0PGATkl6ONdYZowrcvg5YqQDxHiNQxYuV0sHu8dLSmg9oR7qVezgpldp9bDgJIUj3aLrCOcTs1xP715ldjQuetDhqcwhv5Ja17/oopADf5u
 ZJwexb4FZfQWDsKtkp3TGc27Ai4ZDYlkRJ0/Bbcnfl0oHeSZRa6Lr0X0KbbQDkkiSJAx4DKBLsLiK6GpGdChvM+eRK/ZXB9IPXa6uZI+3aOiOfQ2ROzKvQBN
 raq3ujIRfvp7E7Zor3sdnySO72/48VUsVlvSgQQSbzkT2TrRub+SfCdvEGJNuYKU+ggwpMUCl6ywtY5O91V1udPmLNWJlsaFH+YqSfwCNZo=
X-Rspamd-Queue-Id: 48BDqs5M3zz3KDC
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org; dkim=none;
 spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF
 policy when checking 64.59.136.137) smtp.mailfrom=cy.schubert@cschubert.com
X-Spamd-Result: default: False [-4.60 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[233.154.66.70.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.11,17.125.67.70.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net :
 127.0.0.11]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[8];
 R_SPF_NA(0.00)[];
 RCVD_IN_DNSWL_LOW(-0.10)[137.136.59.64.list.dnswl.org : 127.0.5.1];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA];
 MID_RHS_MATCH_FROM(0.00)[];
 IP_SCORE(-2.40)[ip: (-6.21), ipnet: 64.59.128.0/20(-3.20), asn: 6327(-2.49),
 country: CA(-0.09)]; FROM_EQ_ENVFROM(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 17:11:07 -0000

On February 2, 2020 10:08:12 AM PST, "Rodney W=2E Grimes" <freebsd-rwg@gndr=
sh=2Ednsmgr=2Enet> wrote:
>[ Charset UTF-8 unsupported, converting=2E=2E=2E ]
>> Ben Woods wrote on 2020/02/02 02:46:
>>=20
>> [=2E=2E=2E]
>> > DragonFlyBSD 5=2E6=2E2 =3D 700
>> > HardenedBSD build 104 =3D 755
>> > NetBSD 9=2E0 RC1 =3D 755
>> > OpenBSD 6=2E6 =3D 700
>> >=20
>> > For what it's worth, I am broadly supportive of this because I see
>no
>> > reason for /root to be world readable=2E
>>=20
>> +1
>>=20
>> I see no reason for world readable /root too=2E
>> We always set user's homes to 0700 (subdirs of /usr/home)=2E
>
>Who is "We" in this context?
>
>FreeBSD's default for home directories is 755=2E
>
>And as I have stated before anyone who is taking group rx off
>of /root is fooling themselves as that just creates pain for
>members of group wheel who now needlessly need to su to
>see /root's files=2E
>
>If you have issues with group wheel being able to read /root
>you have far far bigger problems that need addressed than
>a simple chmod g-rw /root is going to fix=2E

Agreed=2E


--=20
Pardon the typos and autocorrect, small keyboard in use=2E=20
Cy Schubert <Cy=2ESchubert@cschubert=2Ecom>
FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: https://www=2EFreeBSD=2Eorg

The need of the many outweighs the greed of the few=2E

Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E

From owner-freebsd-hackers@freebsd.org  Mon Feb  3 19:14:24 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6243022B69E
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Mon,  3 Feb 2020 19:14:24 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: from mail-ua1-x941.google.com (mail-ua1-x941.google.com
 [IPv6:2607:f8b0:4864:20::941])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48BHZ732fcz3ww0
 for <freebsd-hackers@freebsd.org>; Mon,  3 Feb 2020 19:14:23 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: by mail-ua1-x941.google.com with SMTP id c7so5761679uaf.5
 for <freebsd-hackers@freebsd.org>; Mon, 03 Feb 2020 11:14:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=fb1lBVU+3oDj0zBU1iU3aTiUkAu5gbxdLqBa1eNQOlk=;
 b=oTiuOCaHLkXeMy1c96OWXmfcsdEqEmfk8dExns8bB5mKKpmIrDfwHHGAdoctGQk+Lj
 HCRSidG0s7mf/XUWlmWmx/S+FfIuc6JPKRlIUVEDiifk6G9uEcZUxK7IcxLi5XVH370Q
 lPGdG8iU+ErI/Q89kcG16aFHRKNxe7Yz/pHlKTB9z/74suL3IA/nCc6PVH7ilpIngYHV
 DEaTCicmGb8SpdrAKNdjpNUISaU0HAoTEPCTjzsnUkHQr13Pgwt5OZOjRERcxCyURapi
 SW1XRcAeTy/BGQWKAyXxrFa/R4v4mipA0VyMh47/Xo6ZqAIBpnRQIF2f4k/AD04POCs/
 FBDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=fb1lBVU+3oDj0zBU1iU3aTiUkAu5gbxdLqBa1eNQOlk=;
 b=cBh8u3mB6Ls5e30ClJy7LtWO+MyZpWlNR6D1ghaD1yz6ZVGfTTbbPJXv8LnY2H9rYp
 puOTgNAHK1kVnVUpzA3+w66+pnn7w0symuXAg9WQ8vz+morQEU4sv1vjrXFGf/RqrOMl
 775Y35cmawHOiMmniZBh2T9fAqEwM14iDi2AoCESJUyxVSa97hcN3x1Rh2f8SFIHUtHB
 QC7bvyPDUS+9ODYyBBIwmgFuJlj1J+nwHEWTczy2i8dYUUf9cQuiiyjdDNBoYf9SaoME
 VnLqGp8D3p7mQOLUU6YumMnwwmXnJSWhBvDq8oU9LRtq94Aw1vm8DrF5DZe6bI31nGWu
 00aA==
X-Gm-Message-State: APjAAAXym9TdS97NUSKSZkoV8Ef/bxbMFNOIhZ4MokUObhVxF0BXYUyE
 U6xZqdutJPIQoMkfnO/Ws2o1oTUrIAup3AySqvc=
X-Google-Smtp-Source: APXvYqzKYayA1RPmjo/TcpTgXcheP/a6B27lFyePKohEjyjT0ffPbm2Dq1QemS/GdCQV37tIFwW8wOLLCgtWJmRhoJA=
X-Received: by 2002:ab0:2a0c:: with SMTP id o12mr14489231uar.72.1580757262312; 
 Mon, 03 Feb 2020 11:14:22 -0800 (PST)
MIME-Version: 1.0
References: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
 <31EF8F5F-75D5-4EFB-A6DA-10C0807BF29B@cschubert.com>
In-Reply-To: <31EF8F5F-75D5-4EFB-A6DA-10C0807BF29B@cschubert.com>
From: Enji Cooper <yaneurabeya@gmail.com>
Date: Mon, 3 Feb 2020 11:14:10 -0800
Message-ID: <CAGHfRMBM4QTbfCc2cpZuAobVqZH2WMxm2H5tqLDqnPLG2gGZew@mail.gmail.com>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
To: Cy Schubert <Cy.Schubert@cschubert.com>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, 
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 Miroslav Lachman <000.fbsd@quip.cz>, 
 Gordon Bergling <gbergling@googlemail.com>, Ben Woods <woodsb02@gmail.com>, 
 Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 48BHZ732fcz3ww0
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=oTiuOCaH;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of yaneurabeya@gmail.com designates
 2607:f8b0:4864:20::941 as permitted sender)
 smtp.mailfrom=yaneurabeya@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 TO_DN_EQ_ADDR_SOME(0.00)[];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCPT_COUNT_SEVEN(0.00)[8];
 RCVD_IN_DNSWL_NONE(0.00)[1.4.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; 
 IP_SCORE(0.00)[ip: (2.63), ipnet: 2607:f8b0::/32(-1.99), asn: 15169(-1.75),
 country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 19:14:24 -0000

On Mon, Feb 3, 2020 at 9:11 AM Cy Schubert <Cy.Schubert@cschubert.com> wrote:
>
> On February 2, 2020 10:08:12 AM PST, "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> wrote:
> >[ Charset UTF-8 unsupported, converting... ]
> >> Ben Woods wrote on 2020/02/02 02:46:
> >>
> >> [...]
> >> > DragonFlyBSD 5.6.2 = 700
> >> > HardenedBSD build 104 = 755
> >> > NetBSD 9.0 RC1 = 755
> >> > OpenBSD 6.6 = 700
> >> >
> >> > For what it's worth, I am broadly supportive of this because I see
> >no
> >> > reason for /root to be world readable.
> >>
> >> +1
> >>
> >> I see no reason for world readable /root too.
> >> We always set user's homes to 0700 (subdirs of /usr/home).
> >
> >Who is "We" in this context?
> >
> >FreeBSD's default for home directories is 755.
> >
> >And as I have stated before anyone who is taking group rx off
> >of /root is fooling themselves as that just creates pain for
> >members of group wheel who now needlessly need to su to
> >see /root's files.
> >
> >If you have issues with group wheel being able to read /root
> >you have far far bigger problems that need addressed than
> >a simple chmod g-rw /root is going to fix.
>
> Agreed.

YMMV, but Fedora Linux 31 (at least) has a more restrictive
umask/ownership set on /root by default:

$ ls -ld /root
dr-xr-x---. 6 root root 4096 Feb  3 10:06 /root
$ cat /etc/redhat-release
Fedora release 31 (Thirty One)

I'm unsure what the default setting is with OSX (/root is a symlink to
a directory under /var ).

I think this suggestion makes sense from a default security
perspective, but honestly I wouldn't fiddle with /etc/sysctl.conf at
all. The RoI is much lower and the likelihood of breaking applications
is considerably higher; having to elevate privileges just to read
/etc/sysctl.conf wouldn't be strictly required, but someone might have
implemented naive logic somewhere where it passes along "-f
/etc/sysctl.conf" by default.

Cheers,
-Enji

From owner-freebsd-hackers@freebsd.org  Mon Feb  3 20:27:19 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B89522DD81
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Mon,  3 Feb 2020 20:27:19 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.139])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48BKBG1lzwz45PT
 for <freebsd-hackers@freebsd.org>; Mon,  3 Feb 2020 20:27:17 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id yiJMizcfP17ZDyiJOiJfGj; Mon, 03 Feb 2020 13:27:16 -0700
X-Authority-Analysis: v=2.3 cv=ZsqT1OzG c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=kj9zAlcOel0A:10 a=l697ptgUJYAA:10 a=YxBL1-UpAAAA:8 a=iKhvJSA4AAAA:8
 a=6I5d2MoRAAAA:8 a=Yx4z9yM_UE8zZ7et30UA:9 a=CjuIK1q_8ugA:10 a=UJ0tAi3fqDAA:10
 a=Ia-lj3WSrqcvXOmTRaiG:22 a=odh9cflL3HIXMm4fY7Wr:22 a=IjZwj45LgO3ly-622nXo:22
Received: from slippy.cwsent.com (slippy8 [10.2.2.6])
 by spqr.komquats.com (Postfix) with ESMTPS id C965A49A;
 Mon,  3 Feb 2020 12:27:11 -0800 (PST)
Received: from slippy.cwsent.com (localhost [127.0.0.1])
 by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id 013KRBcJ042649;
 Mon, 3 Feb 2020 12:27:11 -0800 (PST)
 (envelope-from Cy.Schubert@cschubert.com)
Received: from slippy (cy@localhost)
 by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id 013KRAil042646;
 Mon, 3 Feb 2020 12:27:10 -0800 (PST)
 (envelope-from Cy.Schubert@cschubert.com)
Message-Id: <202002032027.013KRAil042646@slippy.cwsent.com>
X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Enji Cooper <yaneurabeya@gmail.com>
cc: Cy Schubert <Cy.Schubert@cschubert.com>,
 "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>,
 "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>,
 Miroslav Lachman <000.fbsd@quip.cz>,
 Gordon Bergling <gbergling@googlemail.com>,
 Ben Woods <woodsb02@gmail.com>, Ryan Stone <rysto32@gmail.com>,
 Wojciech Puchar <wojtek@puchar.net>
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
In-reply-to: <CAGHfRMBM4QTbfCc2cpZuAobVqZH2WMxm2H5tqLDqnPLG2gGZew@mail.gmail.com>
References: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net> 
 <31EF8F5F-75D5-4EFB-A6DA-10C0807BF29B@cschubert.com> 
 <CAGHfRMBM4QTbfCc2cpZuAobVqZH2WMxm2H5tqLDqnPLG2gGZew@mail.gmail.com>
Comments: In-reply-to Enji Cooper <yaneurabeya@gmail.com>
 message dated "Mon, 03 Feb 2020 11:14:10 -0800."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 03 Feb 2020 12:27:10 -0800
X-CMAE-Envelope: MS4wfNetVceHES4QMJIpUklG1xLwBcCRhDTP0N+OygMlp2BqF4K77aKvb8bEnj3A5czg0tbk7C9gFkr56G90zMuCVEAJ9/xN5mkb+EulumQhTqCGlFAiUZp1
 tpMYETEe44f82YvIw6WI9+56P+HLKzVWkPTQna1Y2D6ba50gOtTSRuqteHP8PITYrH6RUBXCkoswUug72+RxR2G4RmofvIH3B4i+0USAkOESkQCU2Ll907fC
 1XcZv1TYkDNRaS6fDdI0Fu8gtxblBHIJ1/IPH5M5tbJq/TUei8ILz1JzJaR7hXx/yUSnzrr+P4LEavQWzobIhxttVd4ySP8HipIUhLLtPpI=
X-Rspamd-Queue-Id: 48BKBG1lzwz45PT
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org; dkim=none;
 spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF
 policy when checking 64.59.136.139) smtp.mailfrom=cy.schubert@cschubert.com
X-Spamd-Result: default: False [-4.06 / 15.00]; ARC_NA(0.00)[];
 TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_COUNT_FIVE(0.00)[5];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; MV_CASE(0.50)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 HAS_XAW(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com];
 REPLYTO_EQ_FROM(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.11]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCPT_COUNT_SEVEN(0.00)[9]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA];
 RCVD_TLS_LAST(0.00)[];
 IP_SCORE(-2.36)[ip: (-6.02), ipnet: 64.59.128.0/20(-3.20), asn: 6327(-2.49),
 country: CA(-0.09)]; 
 RCVD_IN_DNSWL_LOW(-0.10)[139.136.59.64.list.dnswl.org : 127.0.5.1]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 20:27:19 -0000

In message <CAGHfRMBM4QTbfCc2cpZuAobVqZH2WMxm2H5tqLDqnPLG2gGZew@mail.gmail.c
om>
, Enji Cooper writes:
> On Mon, Feb 3, 2020 at 9:11 AM Cy Schubert <Cy.Schubert@cschubert.com> wrote:
> >
> > On February 2, 2020 10:08:12 AM PST, "Rodney W. Grimes" <freebsd-rwg@gndrsh
> .dnsmgr.net> wrote:
> > >[ Charset UTF-8 unsupported, converting... ]
> > >> Ben Woods wrote on 2020/02/02 02:46:
> > >>
> > >> [...]
> > >> > DragonFlyBSD 5.6.2 = 700
> > >> > HardenedBSD build 104 = 755
> > >> > NetBSD 9.0 RC1 = 755
> > >> > OpenBSD 6.6 = 700
> > >> >
> > >> > For what it's worth, I am broadly supportive of this because I see
> > >no
> > >> > reason for /root to be world readable.
> > >>
> > >> +1
> > >>
> > >> I see no reason for world readable /root too.
> > >> We always set user's homes to 0700 (subdirs of /usr/home).
> > >
> > >Who is "We" in this context?
> > >
> > >FreeBSD's default for home directories is 755.
> > >
> > >And as I have stated before anyone who is taking group rx off
> > >of /root is fooling themselves as that just creates pain for
> > >members of group wheel who now needlessly need to su to
> > >see /root's files.
> > >
> > >If you have issues with group wheel being able to read /root
> > >you have far far bigger problems that need addressed than
> > >a simple chmod g-rw /root is going to fix.
> >
> > Agreed.
>
> YMMV, but Fedora Linux 31 (at least) has a more restrictive
> umask/ownership set on /root by default:
>
> $ ls -ld /root
> dr-xr-x---. 6 root root 4096 Feb  3 10:06 /root
> $ cat /etc/redhat-release
> Fedora release 31 (Thirty One)
>
> I'm unsure what the default setting is with OSX (/root is a symlink to
> a directory under /var ).
>
> I think this suggestion makes sense from a default security
> perspective, but honestly I wouldn't fiddle with /etc/sysctl.conf at
> all. The RoI is much lower and the likelihood of breaking applications
> is considerably higher; having to elevate privileges just to read
> /etc/sysctl.conf wouldn't be strictly required, but someone might have
> implemented naive logic somewhere where it passes along "-f
> /etc/sysctl.conf" by default.

I wouldn't either but at $JOB we do and a lot more too. Quarterly patching 
invokes a policy that resets all customizations back to policy, kind of 
like installworld reverts back to default. I don't agree with it but it 
could be a WITH_ or WITHOUT_ option to chown and chmod all files in /home, 
reset umasks, and file off all setuid bits. I don't agree with the policy 
but if we must, let's make it a WITH/WITHOUT option. Or better yet, a port 
that locks down a server to CIS standards.

If we are going to embark down this path, let's a) adhere to CIS and b) 
make it optional.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.



From owner-freebsd-hackers@freebsd.org  Thu Feb  6 14:02:05 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 73A7522CE76
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Thu,  6 Feb 2020 14:02:05 +0000 (UTC)
 (envelope-from aladupushpendra08@gmail.com)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com
 [IPv6:2607:f8b0:4864:20::932])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48D0VN5Qm3z44ZW
 for <freebsd-hackers@freebsd.org>; Thu,  6 Feb 2020 14:02:04 +0000 (UTC)
 (envelope-from aladupushpendra08@gmail.com)
Received: by mail-ua1-x932.google.com with SMTP id c7so2276013uaf.5
 for <freebsd-hackers@freebsd.org>; Thu, 06 Feb 2020 06:02:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=1yl58xmNifk0HhWBEMBHvvvVC0magPqN6XpMXv0ukPk=;
 b=BJxjV1UnhEhpHIP1AjhjUN4oByMn4x5b7yzp0OiDd8WOBHne5B2//xljhQOzi6EOte
 6dwfRL9KfRFBo6G6gkTxQvtVYNjT7z+Vw4F7meWg2Ah7Z9njwlXctMPLuEYr75TpSTQU
 TnauPEP0idC3RgfYOPHZCWdY5HjOd04AhosKFqZvAxHY5QrBEuxJNDrrHxcg5vLHbAiU
 u1ZpIZDG9+RoG6RKzAhg/m0U0Fs2fT26cKEpbjqV0x9lP8hdNRq2oqyO1uSOsnpB99wV
 GiPQfzf7mjAa+z8SuC3l9+BdbCJIWpa0XHhHc7+6VSQujalIxwXOpN3TJ7fEUslVZoIT
 oejg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=1yl58xmNifk0HhWBEMBHvvvVC0magPqN6XpMXv0ukPk=;
 b=GcYMhoftJ+fq52ZQVys1yfc6B6W03oYzsMsaFJ+1E4jcK/edgGWpUeBnPkimUN4UJs
 NG3d4X9v0wulI0dERektGlWKjsw72Nuka8q7IOaX7RE2KOFYADVdHE1udpR3sbF+ELp4
 HAB5uZHMD/6pXbtg+KAGsSMUWop70vY3INYW4yUgmyz20h9cUHMLNj29ER081AtaalZK
 4HCkj05imQAaltMOhEbUlpGBzDoTYirlA0R3dHRj8pvQe5+NI8Tvl5JhxIRW3fw0ZLMD
 CDt6mCe18H2iqq39zygsJnLoRsqYyvl8gNAKe9qBtB6HAU9iS/CN+MF94KkoQtAaKv8r
 oX2g==
X-Gm-Message-State: APjAAAWjI7Dn6r3mZUK9N5jTM2sARi1Ygo7VsVa/CgnBBoget5WARgXR
 scyLTZWH2uD4s8YGEdLnNkE0QawCiOu56o0f48Nz6GR9qmY=
X-Google-Smtp-Source: APXvYqyIBpbFV+7qB2qLHK4Mf/Xr4X01qs32CisvCaZ3icJurnEMSLZucvfklPieE4s79Lshj/wmFVpLr6jgwoCTdq8=
X-Received: by 2002:ab0:29d8:: with SMTP id i24mr1742517uaq.15.1580997722802; 
 Thu, 06 Feb 2020 06:02:02 -0800 (PST)
MIME-Version: 1.0
From: Pushpendra A <aladupushpendra08@gmail.com>
Date: Thu, 6 Feb 2020 19:31:49 +0530
Message-ID: <CAE5X4z=VvLoL1NFzDpNeBVjHHpJJdWpA6D8yvKmqK0Wx8CY8rA@mail.gmail.com>
Subject: help:I want to contribute to this organisation. Can you some good
 projects to work on?
To: freebsd-hackers@freebsd.org
X-Rspamd-Queue-Id: 48D0VN5Qm3z44ZW
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=BJxjV1Un;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of aladupushpendra08@gmail.com designates
 2607:f8b0:4864:20::932 as permitted sender)
 smtp.mailfrom=aladupushpendra08@gmail.com
X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 IP_SCORE_FREEMAIL(0.00)[];
 IP_SCORE(0.00)[ip: (-9.45), ipnet: 2607:f8b0::/32(-1.97), asn: 15169(-1.74),
 country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[2.3.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[];
 SUBJECT_ENDS_QUESTION(1.00)[];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_ALL(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 14:02:05 -0000

I want to contribute to this organisation. Can you some good projects to
work on?

From owner-freebsd-hackers@freebsd.org  Thu Feb  6 16:56:59 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id D2544230932
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Thu,  6 Feb 2020 16:56:59 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 48D4NC410yz4GR5
 for <freebsd-hackers@freebsd.org>; Thu,  6 Feb 2020 16:56:59 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 894A2230931; Thu,  6 Feb 2020 16:56:59 +0000 (UTC)
Delivered-To: hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 89052230930
 for <hackers@mailman.nyi.freebsd.org>; Thu,  6 Feb 2020 16:56:59 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com
 [IPv6:2a00:1450:4864:20::433])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48D4NB4cDyz4GR4
 for <hackers@freebsd.org>; Thu,  6 Feb 2020 16:56:58 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: by mail-wr1-x433.google.com with SMTP id z9so8038195wrs.10
 for <hackers@freebsd.org>; Thu, 06 Feb 2020 08:56:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=EVTX9aypHlsDDxr+30OVDNr77oef97tjdZDKu67Axd8=;
 b=JwfRtsm5eN7vaiJPsv5u2xCrs2NzSDh8+8j73Op8zGzJtgrsnVzswoKHg6SkrAhayd
 ssJooSAYTtTdd8VAyDtalroIvJAbChOYfK3u0UZwS4Abv3l7Z9slCb+s65ki9PUOpnJd
 b3SqN4jXE+E8EouF6W96mHWgP1rz09W+6iggfTUvRmR6HJvi4paP50HPYgxYeDMmiVj8
 U0FeDwYFY1cVIzp1CyDKIFP/RWGtK/s+wSPdDFCAVtwIscWT3yg0HqOmhnt9U2engJqZ
 9BMwtCzcugAnA3lzDHFIyIteDlXYvK6JY47ytJtFS0XMY6T9dlLmDGgXg8z5EgPC/A43
 mM2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-transfer-encoding;
 bh=EVTX9aypHlsDDxr+30OVDNr77oef97tjdZDKu67Axd8=;
 b=Inea6ATUDxuZe1x32oiljwjhMigXsipmeZK7ENIVRTuEA9qQ55pD9kSoG3ryatru4s
 ywf+/6jpzSpqAIghnyFpInb4jopJeybzi10Sx/+yJw+xIkZ+xQ1mSD1VgBl/AoIuVNzG
 AcAZSqAdmYzKTc2s+CQtCsifzzMPT+qSXxHSEX4jMpYy3MRsk7k+xPdHRz2lB5BNCQCT
 KXXR1SlfwyN1XQ5A3tMolohKG8CzPXky0c40IR+fSJfgGlklIfMMEEEAKmTgPPKyEB3j
 ioWRlLjcNVzg5IZ572BBoKrvos0SX+FIb9h8hfZrGzoLdtVEOE/LXP//U4g74JwW0QLn
 5QlQ==
X-Gm-Message-State: APjAAAUCcrS+t0fFQF6rkfPkHnzTuIyiniq8xwjfcBsQl/g28cQzLkqO
 V4Penq+/INEbb559eB9djHGcoID4
X-Google-Smtp-Source: APXvYqzEFwftyrJST1+bWP8BtRhXvMYzXrGewCfAwI7x6lrJ3s3rvplnkRTjI7gJdoPV9487EHVq1g==
X-Received: by 2002:a5d:42c6:: with SMTP id t6mr4688295wrr.151.1581008216465; 
 Thu, 06 Feb 2020 08:56:56 -0800 (PST)
Received: from localhost ([213.149.54.165])
 by smtp.gmail.com with ESMTPSA id f189sm149063wmf.16.2020.02.06.08.56.55
 for <hackers@freebsd.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 06 Feb 2020 08:56:56 -0800 (PST)
Date: Thu, 6 Feb 2020 17:55:13 +0100
From: Domagoj =?UTF-8?Q?Smol=C4=8Di=C4=87?= <rank1seeker@gmail.com>
To: hackers@freebsd.org
Subject: [t]csh => Pass var containing multiline string to an alias
Message-ID: <20200206175513.00006006@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 48D4NB4cDyz4GR4
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=JwfRtsm5;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rank1seeker@gmail.com designates
 2a00:1450:4864:20::433 as permitted sender)
 smtp.mailfrom=rank1seeker@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(0.00)[ip: (-9.09), ipnet: 2a00:1450::/32(-2.49), asn: 15169(-1.74),
 country: US(-0.05)]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[hackers@freebsd.org];
 IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 RCVD_IN_DNSWL_NONE(0.00)[3.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org
 : 127.0.5.0]; RCVD_TLS_ALL(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 16:56:59 -0000

Yo Crew ..., so ...
I want to pass variable containing multiline string to an alias, so it woul=
d also be multiline string.

Var first:
--
set t_var=3D'a\
b'
--
  Expands to:
--
a
b
--

So far so good, now alias:
Double quotes are mandatory, else all ends up at 1 line
--
alias t_name    "aa $t_var bb"
--
Error:
    Unmatched '"'.



Manual replacement:
--
alias t_name    "aa a\
b bb"
--

Results in:
# alias t_name
aa a
b bb

Exactly what I want ...


Going back to var in order to make it, to be expanded with additional \
--
set t_var=3D'a\\
b'
--
  Expands to:
--
a\
b
--

And that is exactly a string which I've manually replaced above.
After # source /.cshrc
Unmatched '"'.


What is going on?
I've tried adding many \'s and playing wit all types of quotes in all kind =
of combinations just to find out I've lost 4 hours on something like THIS!

Am I completely missing something totally obvious?!?


PS: version tcsh 6.20.00 (Astron) 2016-11-24 (i386-intel-FreeBSD) options w=
ide,nls,dl,al,kan,sm,rh,color,filec

Domagoj Smol=C4=8Di=C4=87

From owner-freebsd-hackers@freebsd.org  Thu Feb  6 17:29:12 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id BBD272318AF
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Thu,  6 Feb 2020 17:29:12 +0000 (UTC)
 (envelope-from jamie@catflap.org)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 48D55N28KZz4Jff
 for <freebsd-hackers@freebsd.org>; Thu,  6 Feb 2020 17:29:12 +0000 (UTC)
 (envelope-from jamie@catflap.org)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 474B82318AE; Thu,  6 Feb 2020 17:29:12 +0000 (UTC)
Delivered-To: hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 45EE22318AD
 for <hackers@mailman.nyi.freebsd.org>; Thu,  6 Feb 2020 17:29:12 +0000 (UTC)
 (envelope-from jamie@catflap.org)
Received: from donotpassgo.dyslexicfish.net (donotpassgo.dyslexicfish.net
 [IPv6:2001:19f0:300:2185:123::1])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48D55M0X93z4Jfc
 for <hackers@freebsd.org>; Thu,  6 Feb 2020 17:29:10 +0000 (UTC)
 (envelope-from jamie@catflap.org)
Received: from donotpassgo.dyslexicfish.net (donotpassgo.dyslexicfish.net
 [104.207.135.49])
 by donotpassgo.dyslexicfish.net (8.14.5/8.14.5) with ESMTP id 016HT44O059140
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Thu, 6 Feb 2020 17:29:04 GMT
 (envelope-from jamie@donotpassgo.dyslexicfish.net)
Received: (from jamie@localhost)
 by donotpassgo.dyslexicfish.net (8.14.5/8.14.5/Submit) id 016HT411059139;
 Thu, 6 Feb 2020 17:29:04 GMT (envelope-from jamie)
From: Jamie Landeg-Jones <jamie@catflap.org>
Message-Id: <202002061729.016HT411059139@donotpassgo.dyslexicfish.net>
Date: Thu, 06 Feb 2020 17:29:03 +0000
Organization: Dyslexic Fish
To: rank1seeker@gmail.com, hackers@freebsd.org
Subject: Re: [t]csh => Pass var containing multiline string to an alias
References: <20200206175513.00006006@gmail.com>
In-Reply-To: <20200206175513.00006006@gmail.com>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7
 (donotpassgo.dyslexicfish.net [104.207.135.49]);
 Thu, 06 Feb 2020 17:29:04 +0000 (GMT)
X-Rspamd-Queue-Id: 48D55M0X93z4Jfc
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org; dkim=none;
 dmarc=pass (policy=none) header.from=catflap.org;
 spf=pass (mx1.freebsd.org: domain of jamie@catflap.org designates
 2001:19f0:300:2185:123::1 as permitted sender)
 smtp.mailfrom=jamie@catflap.org
X-Spamd-Result: default: False [-5.66 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx:dyslexicfish.net];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; HAS_ORG_HEADER(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[catflap.org,none];
 RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[gmail.com];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:20473, ipnet:2001:19f0::/38, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 IP_SCORE(-2.86)[ip: (-9.83), ipnet: 2001:19f0::/38(-2.68), asn: 20473(-1.74),
 country: US(-0.05)]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 17:29:12 -0000

Domagoj Smolčić <rank1seeker@gmail.com> wrote:

> So far so good, now alias:
> Double quotes are mandatory, else all ends up at 1 line
> --
> alias t_name    "aa $t_var bb"
> --
> Error:
>     Unmatched '"'.
>

I'm not able to test at the moment, but I think the :q operator should work,
to tell tcsh not to try and parse the results of the variablle.

I.e.

try

alias t_name    "aa $t_var:q bb"

Let me know if this works!

Cheers, Jamie

From owner-freebsd-hackers@freebsd.org  Thu Feb  6 18:15:58 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7872C232EA9
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Thu,  6 Feb 2020 18:15:58 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::50:13])
 by mx1.freebsd.org (Postfix) with ESMTP id 48D67L1mdzz4NWT
 for <freebsd-hackers@freebsd.org>; Thu,  6 Feb 2020 18:15:58 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 3AB7E232EA8; Thu,  6 Feb 2020 18:15:58 +0000 (UTC)
Delivered-To: hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A733232EA7
 for <hackers@mailman.nyi.freebsd.org>; Thu,  6 Feb 2020 18:15:58 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com
 [IPv6:2a00:1450:4864:20::331])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48D67K39wnz4NWS
 for <hackers@freebsd.org>; Thu,  6 Feb 2020 18:15:56 +0000 (UTC)
 (envelope-from rank1seeker@gmail.com)
Received: by mail-wm1-x331.google.com with SMTP id m10so1436161wmc.0
 for <hackers@freebsd.org>; Thu, 06 Feb 2020 10:15:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=date:from:to:cc:subject:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=HrzHAVHf44hfnd+q8Ku/OXSFgzQ3MAyzhUznEd0JMD0=;
 b=Df7bzmGI4ZVbmvAj8rTdsdT6lB6OZpak5PlPhbDrIHwu7h1sYQZ5LwpG+PtGRbKTfK
 pYmu75qCHrj8z0EEQMyFx+fGb+oskllFBnbtVpu5rZXCHcsCyMuzz4/XtAGPvVgqvk5H
 9Kdqz/uCbw5kfVUjnvrv+MsQQ2qztBowwcKdhQ8TKIONgFKU69xkAKuUSVOjQ8EiZbaG
 tCLFciM1IOquXCRY+24v9eZE/w9OVEM8mjvKa890NkaPu0uE6/iF8AB0AALF46t0MdO8
 wW4/YkXexRsl0jeogHliIrouU3rjARLlnjSqFfBuTC6+E09q5MsBBh7diL5XHWAsiV3r
 NciQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=HrzHAVHf44hfnd+q8Ku/OXSFgzQ3MAyzhUznEd0JMD0=;
 b=GS3ztlNbVARUH8KkvmoTWLKIZ9L+MuhMcK0WgmRYZ27CRPkJylchz+1CoGdICt2WPX
 7wz5mLsmjky0qYhy9IyliAjXB//ecwcJG/Xu22hTTqC3xoh/hNURr8pLfJMtua+ioHot
 l6CX+d69fB82ZKU2Uq19JjVLNHW4+K6wF2HxLS+0NAXxsctujJ2Q4I1V5P9MAypd03sn
 5RzktIg0Hw7o1gWkSwjnpkLAtgKYs66kTRIg3JJGGFjOYjCnxcFXUllJBGID5Br5qZEt
 49nY/IlOQTBVtjtpO5EZk8mUbg3d5ZYUjnFJ+AuVVA9sWijxNcwYp1CidZrhwGB+s8Q8
 rPyw==
X-Gm-Message-State: APjAAAWwi+FXtImh6XuOJRgVm+34JUB7b4htgnSynDmHcvxxwpPpB593
 or3FI4IANRsqwLu2rEeB5m4F4cXb
X-Google-Smtp-Source: APXvYqw5QTbaDXx2xhLgEitVF/pKaCZDDR6J2fzZkCEzHwJOeGp3zFTCcRVFr4BNuQobsEpOz8enHg==
X-Received: by 2002:a7b:c652:: with SMTP id q18mr5797949wmk.123.1581012954463; 
 Thu, 06 Feb 2020 10:15:54 -0800 (PST)
Received: from localhost ([213.149.54.165])
 by smtp.gmail.com with ESMTPSA id y1sm118176wrq.16.2020.02.06.10.15.53
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 06 Feb 2020 10:15:54 -0800 (PST)
Date: Thu, 6 Feb 2020 19:14:12 +0100
From: Domagoj =?UTF-8?Q?Smol=C4=8Di=C4=87?= <rank1seeker@gmail.com>
To: Jamie Landeg-Jones <jamie@catflap.org>
Cc: hackers@freebsd.org
Subject: Re: [t]csh => Pass var containing multiline string to an alias
Message-ID: <20200206191412.00001298@gmail.com>
In-Reply-To: <202002061729.016HT411059139@donotpassgo.dyslexicfish.net>
References: <20200206175513.00006006@gmail.com>
 <202002061729.016HT411059139@donotpassgo.dyslexicfish.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 48D67K39wnz4NWS
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=Df7bzmGI;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rank1seeker@gmail.com designates
 2a00:1450:4864:20::331 as permitted sender)
 smtp.mailfrom=rank1seeker@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3];
 DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(0.00)[ip: (-8.93), ipnet: 2a00:1450::/32(-2.49), asn: 15169(-1.74),
 country: US(-0.05)]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[hackers@freebsd.org];
 IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[1.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org
 : 127.0.5.0]; RCVD_TLS_ALL(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 18:15:58 -0000

On Thu, 06 Feb 2020 17:29:03 +0000
Jamie Landeg-Jones <jamie@catflap.org> wrote:

> Domagoj Smol=C4=8Di=C4=87 <rank1seeker@gmail.com> wrote:
>=20
> > So far so good, now alias:
> > Double quotes are mandatory, else all ends up at 1 line
> > --
> > alias t_name    "aa $t_var bb"
> > --
> > Error:
> >     Unmatched '"'.
> > =20
>=20
> I'm not able to test at the moment, but I think the :q operator
> should work, to tell tcsh not to try and parse the results of the
> variablle.
>=20
> I.e.
>=20
> try
>=20
> alias t_name    "aa $t_var:q bb"
>=20
> Let me know if this works!
>=20
> Cheers, Jamie


Yep Jamie,

It worked!
With & without additional \ char in t_var.
I wasn't even avare of :q operator.

Thx!
Domagoj Smol=C4=8Di=C4=87

From owner-freebsd-hackers@freebsd.org  Fri Feb  7 05:22:48 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id F11E524355D
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Fri,  7 Feb 2020 05:22:48 +0000 (UTC)
 (envelope-from krbvivek2000@gmail.com)
Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com
 [IPv6:2607:f8b0:4864:20::1035])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48DNwm1Wlbz47SL
 for <freebsd-hackers@freebsd.org>; Fri,  7 Feb 2020 05:22:48 +0000 (UTC)
 (envelope-from krbvivek2000@gmail.com)
Received: by mail-pj1-x1035.google.com with SMTP id q39so431540pjc.0
 for <freebsd-hackers@freebsd.org>; Thu, 06 Feb 2020 21:22:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=CHtbieZkrp/5UwkE8fpOGMZulnob8yzF8kbhUn1RdWk=;
 b=fh0tGdzS7mucvitCFPI2+xGAIhUP0JiX25RXJztgg+CARPEtw+F2jmVUcfzS/wT6Li
 vsFNVrnwOcHBe8ldOBvd3rGXFmRMm9g9tiz7X9LzFP81+Jrz9BHxEZJNaIEv/6sZL1pD
 4PRu6IB6dY6afBKd5SgTNrHCsja4sPv6D85po/S+zaJcCe0UynRgoP7joqRtfnpPmPSE
 A7c/fL/0Ul64szK0FUtmHKawV0Ls4Z6Ly1jg0FpP0sa3s61fEYQjOgE7tQ1KWLvdNxWK
 3sOiHCgBqrYAro8hygNUHTnX7yqPWcpWWf7gsGY+8Xc4NdmFaCzWt0+oHWBECkSX+BcF
 mvWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=CHtbieZkrp/5UwkE8fpOGMZulnob8yzF8kbhUn1RdWk=;
 b=ui6TMvq9wmBXrTXOmCjfb7zZcqJnHT+eLenSfy2gy5bIaT9fkRK6uGf21GFcpwp2hT
 7n30kWwvEZ/hy/PW8DnysOomZoSSjD+iwVkCmxnL5/gXCdpoM6lJXKp+aHQshkXp72TN
 yiLcghumMnSM6oAcGCiqdaWyRmoIQW+EcOpqlPA+Q5wtlTNbc5Uw32Wm7bbtRo0MbPHk
 BLUr6sqfn3DnxB6OqHwtsJD72+hHhWlSqWIqIVkxTbpdTo0MJHc9c/ee0W9JN4+wKvXi
 bEvsv0siKLx2g3wWCRdspC36NNDNd1+iS4qBZQ1O7ugCz1S1fEKn3cKQ9jTtcZZPeuQB
 KL8Q==
X-Gm-Message-State: APjAAAXAcdiaAWI7lM4sbJ1vovqeKfmVhvVdsqh9aLMd9b5a5Qv4ztxj
 u1b6gTkC13jADEXvctEbajnkrAolm9M4tpHF8kUJ5LvJ/0w=
X-Google-Smtp-Source: APXvYqynUsZDWEwP4PIElQ4vkLBC2DLW7CRE0LgYM+Az1rqqdJTOTo9ffs9KbnD3dcIOCV+Y+9NOWmsYmS387QAxhUQ=
X-Received: by 2002:a17:90a:f84:: with SMTP id 4mr1824753pjz.74.1581052961141; 
 Thu, 06 Feb 2020 21:22:41 -0800 (PST)
MIME-Version: 1.0
From: Vivek Kamisetty <krbvivek2000@gmail.com>
Date: Fri, 7 Feb 2020 10:52:11 +0530
Message-ID: <CAM-eAEf1uhyssbtBTs6A3bfLH-FwqD0mkcGMmX+nejR4k6QtLA@mail.gmail.com>
Subject: Google Summer Of Code 2020
To: freebsd-hackers@freebsd.org
X-Rspamd-Queue-Id: 48DNwm1Wlbz47SL
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=fh0tGdzS;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of krbvivek2000@gmail.com designates
 2607:f8b0:4864:20::1035 as permitted sender)
 smtp.mailfrom=krbvivek2000@gmail.com
X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 TO_DN_NONE(0.00)[]; IP_SCORE_FREEMAIL(0.00)[];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 IP_SCORE(0.00)[ipnet: 2607:f8b0::/32(-1.97), asn: 15169(-1.74), country:
 US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 05:22:49 -0000

Hello,
Can I know the existing projects for GsoC 2020?

-- 
Regards,
Vivek Kamisetty.

From owner-freebsd-hackers@freebsd.org  Fri Feb  7 09:53:07 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6DFC5247F00
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Fri,  7 Feb 2020 09:53:07 +0000 (UTC)
 (envelope-from lwhsu.freebsd@gmail.com)
Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com
 [209.85.219.174])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48DVwf3QHWz4Lpr
 for <freebsd-hackers@freebsd.org>; Fri,  7 Feb 2020 09:53:06 +0000 (UTC)
 (envelope-from lwhsu.freebsd@gmail.com)
Received: by mail-yb1-f174.google.com with SMTP id z15so939556ybm.8
 for <freebsd-hackers@freebsd.org>; Fri, 07 Feb 2020 01:53:06 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=BB2/EfANKLCDWUaxqZb1rNggtDd0XjEiQ7jPdfAbetM=;
 b=chNMLs+gmliBcU/8eOehpx1yQLMvQZO3l48pKnJVpXtGlfvy90TFkvqqc3GkQXR9rp
 1NeIAK9C23DkUIfkbJbNJDN7B2JdtXIHErnkexkAo6WswE6XIuprEe1gT3kEGOUa1M8c
 YcGr8i8j4S9GiIFQFFEJ0XeuRnIaWY/nylHIEDWnm4nvhJtVxQayBtyjhAT4XvQkN1WJ
 PlCf/tzENrq81NiDuZA9+zR8DAroIqRuCXtDSDVfYbF+c0DRp2n29cfcNIvCiLi53k/W
 m0w5m6YzPicy4QFCwAE59+kGS1wo63nSSR/3JLUMi1FliDIKlDG/wzw+Hea11imhfrKJ
 XZMQ==
X-Gm-Message-State: APjAAAUKACnbIWFoui6K4lxmC+AkiEFac+b+0l4KAWkvRxpdnDVfPByE
 z804ajiEu5wl22/DoAdnYEjfWgXMxXvmqvNWtLkss7U5
X-Google-Smtp-Source: APXvYqzk+JW9/+lUqlnchcLpBVW+kWsqRJ1vfpOo3gGALCvMbcholuBwlP2qxTi6PYCT8f3shUhdUcB72oHUfNtFbpw=
X-Received: by 2002:a25:8452:: with SMTP id r18mr7666368ybm.176.1581069185045; 
 Fri, 07 Feb 2020 01:53:05 -0800 (PST)
MIME-Version: 1.0
References: <CAM-eAEf1uhyssbtBTs6A3bfLH-FwqD0mkcGMmX+nejR4k6QtLA@mail.gmail.com>
In-Reply-To: <CAM-eAEf1uhyssbtBTs6A3bfLH-FwqD0mkcGMmX+nejR4k6QtLA@mail.gmail.com>
From: Li-Wen Hsu <lwhsu@freebsd.org>
Date: Fri, 7 Feb 2020 17:52:53 +0800
Message-ID: <CAKBkRUxgAbuf2+C6eL=ndxMYNYaUXHbMc4H5zmLcBJ_+T0YuHw@mail.gmail.com>
Subject: Re: Google Summer Of Code 2020
To: Vivek Kamisetty <krbvivek2000@gmail.com>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 48DVwf3QHWz4Lpr
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of lwhsufreebsd@gmail.com designates
 209.85.219.174 as permitted sender) smtp.mailfrom=lwhsufreebsd@gmail.com
X-Spamd-Result: default: False [-4.62 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCVD_TLS_ALL(0.00)[];
 FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 DMARC_NA(0.00)[freebsd.org]; MIME_TRACE(0.00)[0:+];
 TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[174.219.85.209.list.dnswl.org : 127.0.5.0];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 IP_SCORE(-2.62)[ip: (-8.28), ipnet: 209.85.128.0/17(-3.03), asn: 15169(-1.74),
 country: US(-0.05)]; 
 FORGED_SENDER(0.30)[lwhsu@freebsd.org,lwhsufreebsd@gmail.com];
 FREEMAIL_TO(0.00)[gmail.com];
 RWL_MAILSPIKE_POSSIBLE(0.00)[174.219.85.209.rep.mailspike.net : 127.0.0.17];
 R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
 TAGGED_FROM(0.00)[];
 FROM_NEQ_ENVFROM(0.00)[lwhsu@freebsd.org,lwhsufreebsd@gmail.com];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 09:53:07 -0000

On Fri, Feb 7, 2020 at 1:22 PM Vivek Kamisetty <krbvivek2000@gmail.com> wrote:
>
> Hello,
> Can I know the existing projects for GsoC 2020?

There is a wiki page at https://wiki.freebsd.org/SummerOfCodeIdeas

We are still collecting ideas and sorting this page, and you're of
course welcomed to purpose your ideas, sometimes this works even
better.

Li-Wen

From owner-freebsd-hackers@freebsd.org  Fri Feb  7 14:12:07 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id F324224D7E9
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Fri,  7 Feb 2020 14:12:06 +0000 (UTC)
 (envelope-from debdrup@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48DcgV6624z4bM3
 for <freebsd-hackers@freebsd.org>; Fri,  7 Feb 2020 14:12:06 +0000 (UTC)
 (envelope-from debdrup@freebsd.org)
Received: from mail-ot1-f45.google.com (mail-ot1-f45.google.com
 [209.85.210.45])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 (Authenticated sender: debdrup)
 by smtp.freebsd.org (Postfix) with ESMTPSA id BACCFEE8
 for <freebsd-hackers@freebsd.org>; Fri,  7 Feb 2020 14:12:06 +0000 (UTC)
 (envelope-from debdrup@freebsd.org)
Received: by mail-ot1-f45.google.com with SMTP id g64so2214520otb.13
 for <freebsd-hackers@freebsd.org>; Fri, 07 Feb 2020 06:12:06 -0800 (PST)
X-Gm-Message-State: APjAAAWOzhE3l1Xkd0oLqSkmjvIWyFbnfHMPkkgMeHTEqnnh4gbHZDwg
 Wj49IwfHKjRyCbJS+j84KJUi74ujoPTnOVeflF9t1A==
X-Google-Smtp-Source: APXvYqyfc0IUL3h134K8i/B8rC3rCpIyAt8uq8A+vD33ObRhtXnRHBbfSo380daC1Y9cx4vbt8Krh2lJiSt3Fcd+AhE=
X-Received: by 2002:a9d:53cb:: with SMTP id i11mr2907673oth.158.1581084726150; 
 Fri, 07 Feb 2020 06:12:06 -0800 (PST)
MIME-Version: 1.0
References: <CAE5X4z=VvLoL1NFzDpNeBVjHHpJJdWpA6D8yvKmqK0Wx8CY8rA@mail.gmail.com>
In-Reply-To: <CAE5X4z=VvLoL1NFzDpNeBVjHHpJJdWpA6D8yvKmqK0Wx8CY8rA@mail.gmail.com>
From: Daniel Ebdrup Jensen <debdrup@freebsd.org>
Date: Fri, 7 Feb 2020 15:11:53 +0100
X-Gmail-Original-Message-ID: <CAJEDNsiCSBSbPqZT2x-csYE+N50xZM2ONpLZf7mvyxjtpsaejw@mail.gmail.com>
Message-ID: <CAJEDNsiCSBSbPqZT2x-csYE+N50xZM2ONpLZf7mvyxjtpsaejw@mail.gmail.com>
Subject: Re: help:I want to contribute to this organisation. Can you some good
 projects to work on?
To: Pushpendra A <aladupushpendra08@gmail.com>
Cc: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 14:12:07 -0000

On Thu, Feb 6, 2020 at 3:02 PM Pushpendra A <aladupushpendra08@gmail.com>
wrote:

> I want to contribute to this organisation. Can you some good projects to
> work on?
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

Probably the easiest way to get an idea of what's needed is to have a look
at [1] and [2], and then get in contact with the people listed for each
idea.

I hope you find something that suits your interests and talents. :)

[1]: https://wiki.freebsd.org/IdeasPage
[2]: https://wiki.freebsd.org/JuniorJobs

From owner-freebsd-hackers@freebsd.org  Sat Feb  8 18:08:42 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 792B9247C4C
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Sat,  8 Feb 2020 18:08:42 +0000 (UTC) (envelope-from neel@neelc.org)
Received: from rainpuddle.neelc.org (rainpuddle.neelc.org
 [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48FKt10Jr6z44Y1
 for <freebsd-hackers@freebsd.org>; Sat,  8 Feb 2020 18:08:40 +0000 (UTC)
 (envelope-from neel@neelc.org)
Received: from [IPv6:2607:fb90:b25c:8966:e90b:fd96:82f:d117] (unknown
 [IPv6:2607:fb90:b25c:8966:e90b:fd96:82f:d117])
 by rainpuddle.neelc.org (Postfix) with ESMTPSA id E6079B103A
 for <freebsd-hackers@freebsd.org>; Sat,  8 Feb 2020 10:08:30 -0800 (PST)
Date: Sat, 08 Feb 2020 10:08:29 -0800
User-Agent: K-9 Mail for Android
MIME-Version: 1.0
Subject: Reviewing ipfw: Add missing mention of RFC 6598/Carrier Grade NAT in
 ipfw_config_nat()
To: freebsd-hackers@freebsd.org
From: Neel Chauhan <neel@neelc.org>
Message-ID: <43CD9C7E-F7AB-412F-A07E-6B95FA2720A6@neelc.org>
X-Rspamd-Queue-Id: 48FKt10Jr6z44Y1
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org; dkim=none;
 dmarc=pass (policy=none) header.from=neelc.org;
 spf=pass (mx1.freebsd.org: domain of neel@neelc.org designates
 2001:19f0:8001:fed:5400:2ff:fe73:c622 as permitted sender)
 smtp.mailfrom=neel@neelc.org
X-Spamd-Result: default: False [-3.16 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0];
 FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 IP_SCORE(-0.36)[asn: 20473(-1.74), country: US(-0.05)];
 DMARC_POLICY_ALLOW(-0.50)[neelc.org,none];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 ASN(0.00)[asn:20473, ipnet:2001:19f0:8000::/38, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Feb 2020 18:08:42 -0000

Hi,

Could someone please review and commit my patch on Phabricator here: https=
://reviews=2Efreebsd=2Eorg/D23448

The patch title is: ipfw: Add missing mention of RFC 6598/Carrier Grade NA=
T in ipfw_config_nat()


-Neel

=3D=3D=3D

https://www=2Eneelc=2Eorg