From: Bartłomiej Rutkowski
Date: Wed, 22 Feb 2017 07:56:52 +0000
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
To: Alexey Dokuchaev
Cc: Eric Badger, Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaev wrote:

> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > Thanks for working on making it easier to harden FreeBSD. While
> > defaulting some of these options to "on" seems pretty harmless (e.g.
> > random_pid), others are likely to cause confusion for new and
> > experienced users alike (e.g. proc_debug. I've never used that option
> > before, so I gave it a try. It simply causes gdb to hang when attempting
> > to start a process, with no obvious indication of why).
>
> I concur. In fact, harmless knobs should probably be turned on by default
> in FreeBSD itself (i.e., without any "hardening" help from the installer),
> while more intrusive ones should be opt-in, not opt-out.
>
> ./danfe
>

I strongly believe we should, by default, ship as secured and hardened as possible in order to improve overall security of new users' installations. Power users will and do change the OS as they please, they most likely don't use bsdinstall in the first place, so they're not affected in any way. These options have been around forever, used by a lot of users (once they got to know those even exist) and seem to cause no issues. However, despite that, and numerous discussions and mail threads over the years, we've struggled to enable them and, as you can see, we even struggle to present and make them available via installer. That's bad and I aim to change it :)

Kind regards,
Bartek Rutkowski