From: Bryan Drewery (bdrewery@FreeBSD.org)
To: Alexey Dokuchaev, Eric Badger, Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
References: <201702210937.v1L9bY6V093836@repo.freebsd.org> <28a4cf5e-2edd-3e30-9ecd-817f886e9ea3@FreeBSD.org> <20170221144002.GA87822@FreeBSD.org> <20170222070733.GA29010@ymer.vnode.se>
Date: Wed, 22 Feb 2017 12:26:34 -0800
Message-ID: <6550638c-a629-bf5e-65e0-672cfd125f73@FreeBSD.org>
In-Reply-To: <20170222070733.GA29010@ymer.vnode.se>

On 2/21/2017 11:07 PM, Joel Dahl wrote:
> On Tue, Feb 21, 2017 at 02:40:02PM +0000, Alexey Dokuchaev wrote:
>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
>>> Thanks for working on making it easier to harden FreeBSD. While
>>> defaulting some of these options to "on" seems pretty harmless (e.g.
>>> random_pid), others are likely to cause confusion for new and
>>> experienced users alike (e.g. proc_debug. I've never used that option
>>> before, so I gave it a try. It simply causes gdb to hang when attempting
>>> to start a process, with no obvious indication of why).
>>
>> I concur. In fact, harmless knobs should probably be turned on by default
>> in FreeBSD itself (i.e., without any "hardening" help from the installer),
>> while more intrusive ones should be opt-in, not opt-out.
>
> I agree. Can we back this out and discuss it on current@?
>

I concur. In the original review for adding this I predicted today would
come, https://reviews.freebsd.org/D6826. I still think that it is very
under-designed and under-thought-out.

I personally agree with hardening my system, but I have a number of
issues with this approach:

1. It makes *1 installation* method do hardening, while every other
installation method, and the *upgrade* methods, do not do hardening. So
someone upgrading from 11.0 to 12.0 won't get hardening, but someone
installing 12.0 fresh from bsdinstall will get it. There should not be a
distinction between our installation/upgrade methods like this.

2. It ignores that FreeBSD is a *generic Operating System* that serves
many workflows. Developers want all of this off, System Administrators
want all of it on, and Desktop users may want a compromise of half of it
to allow various drivers to work (not pointing at any specific sysctl
right now).

I think what is really needed is a system profile that lets you pick the
workflow you are going to use the system for, and then set some
reasonable defaults from there. We will never all agree on the same
defaults because we all are using the systems differently, but we can
find some compromise if we make Use Cases, such as a System Profile
would entail.

I too would like to see this backed out.

-- 
Regards,
Bryan Drewery
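Added example, not part of the thread and not code from bsdinstall's hardening script: a POSIX sh audit that parses a sysctl.conf-style text and reports which of the two knobs named above are set, flagging proc_debug because, as Eric describes, it silently changes debugger behaviour for unprivileged users (gdb cannot ptrace a process it does not have the privilege for). The mapping from the bsdinstall option names random_pid and proc_debug to the sysctls kern.randompid=1 and security.bsd.unprivileged_proc_debug=0 is my assumption about what the script writes, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from bsdinstall): audit a
# sysctl.conf-style text for the two hardening knobs discussed above.
# The option -> sysctl mapping is an assumption:
#   random_pid -> kern.randompid=1
#   proc_debug -> security.bsd.unprivileged_proc_debug=0

# Constructed sample, shaped like lines a hardening step might append.
SAMPLE_CONF='# constructed sample sysctl.conf
kern.randompid = 1                         # random_pid
security.bsd.unprivileged_proc_debug=0     # proc_debug
vfs.usermount=1'

# sysctl_value CONF_TEXT KEY: print the value assigned to KEY (last
# assignment wins; comments and surrounding whitespace are ignored).
# Prints nothing when KEY is not set in the text.
sysctl_value() {
    printf '%s\n' "$1" |
        sed -e 's/#.*$//' |
        awk -F= -v k="$2" '
            NF >= 2 {
                gsub(/[ \t]/, "", $1)
                gsub(/^[ \t]+|[ \t]+$/, "", $2)
                if ($1 == k) v = $2
            }
            END { if (v != "") print v }'
}

# audit_sysctl_conf CONF_TEXT: one report line per knob found.
# Returns 1 when a knob that changes debugger behaviour is set, else 0,
# so the check can gate a CI job or a post-upgrade review.
audit_sysctl_conf() {
    conf=$1
    intrusive=0

    v=$(sysctl_value "$conf" kern.randompid)
    if [ "$v" = 1 ]; then
        echo "INFO random_pid: kern.randompid=1 (low impact)"
    fi

    v=$(sysctl_value "$conf" security.bsd.unprivileged_proc_debug)
    if [ "$v" = 0 ]; then
        echo "WARN proc_debug: security.bsd.unprivileged_proc_debug=0 (unprivileged users cannot attach gdb/ptrace to their own processes; intrusive for developer workflows)"
        intrusive=1
    fi

    return $intrusive
}

# audit_sysctl_conf_file PATH: the same check against a file such as
# /etc/sysctl.conf.
audit_sysctl_conf_file() {
    audit_sysctl_conf "$(cat "$1")"
}

# Stand-alone demo on the constructed sample.
audit_sysctl_conf "$SAMPLE_CONF" || echo "=> intrusive hardening knob present"
```

Run it against a real system with `audit_sysctl_conf_file /etc/sysctl.conf`. The split into INFO and WARN is the "harmless versus intrusive" distinction Alexey draws; a per-workflow system profile of the kind Bryan proposes would amount to a different expected value for each knob per profile, which is a small extension of the table this function encodes.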