From: Bartłomiej Rutkowski
Date: Wed, 22 Feb 2017 07:52:45 +0000
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
To: Eric Badger
Cc: Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

On Tue, Feb 21, 2017 at 2:34 PM, Eric Badger wrote:
> On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
>
>> Author: robak (ports committer)
>> Date: Tue Feb 21 09:37:33 2017
>> New Revision: 314036
>> URL: https://svnweb.freebsd.org/changeset/base/314036
>>
>> Log:
>> Enable bsdinstall hardening options by default.
>>
>> As discussed previously, in order to introduce new OS hardening
>> defaults, we've added them to bsdinstall in 'off by default' mode.
>> It has been there for a while, so the next step is to change them
>> to 'on by default' mode, so that in future we could simply enable
>> them in base OS.
>>
>> Reviewed by: brd
>> Approved by: adrian
>> Differential Revision: https://reviews.freebsd.org/D9641
>>
>> Modified:
>> head/usr.sbin/bsdinstall/scripts/hardening
>>
>> Modified: head/usr.sbin/bsdinstall/scripts/hardening
>> ============================================================
>> ==================
>> --- head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:33:21
>> 2017 (r314035)
>> +++ head/usr.sbin/bsdinstall/scripts/hardening Tue Feb 21 09:37:33
>> 2017 (r314036)
>> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD >> --title "System Hardening" --nocancel --separate-output \ >> --checklist "Choose system security hardening options:" \ >> 0 0 0 \ >> - "0 hide_uids" "Hide processes running as other users" >> ${hide_uids:-off} \ >> - "1 hide_gids" "Hide processes running as other groups" >> ${hide_gids:-off} \ >> - "2 read_msgbuf" "Disable reading kernel message buffer for >> unprivileged users" ${read_msgbuf:-off} \ >> - "3 proc_debug" "Disable process debugging facilities for >> unprivileged users" ${proc_debug:-off} \ >> - "4 random_pid" "Randomize the PID of newly created processes" >> ${random_pid:-off} \ >> - "5 stack_guard" "Insert stack guard page ahead of the growable >> segments" ${stack_guard:-off} \ >> - "6 clear_tmp" "Clean the /tmp filesystem on system startup" >> ${clear_tmp:-off} \ >> - "7 disable_syslogd" "Disable opening Syslogd network socket >> (disables remote logging)" ${disable_syslogd:-off} \ >> - "8 disable_sendmail" "Disable Sendmail service" >> ${disable_sendmail:-off} \ >> + "0 hide_uids" "Hide processes running as other users" >> ${hide_uids:-on} \ >> + "1 hide_gids" "Hide processes running as other groups" >> ${hide_gids:-on} \ >> + "2 read_msgbuf" "Disable reading kernel message buffer for >> unprivileged users" ${read_msgbuf:-on} \ >> + "3 proc_debug" "Disable process debugging facilities for >> unprivileged users" ${proc_debug:-on} \ >> + "4 random_pid" "Randomize the PID of newly created processes" >> ${random_pid:-on} \ >> + "5 stack_guard" "Insert stack guard page ahead of the growable >> segments" ${stack_guard:-on} \ >> + "6 clear_tmp" "Clean the /tmp filesystem on system startup" >> ${clear_tmp:-on} \ >> + "7 disable_syslogd" "Disable opening Syslogd network socket >> (disables remote logging)" ${disable_syslogd:-on} \ >> + "8 disable_sendmail" "Disable Sendmail service" >> ${disable_sendmail:-on} \ >> 2>&1 1>&3 ) >> exec 3>&- >> >> >> > Hi Bartek, > > Thanks for working on 
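Review bot: flipping all nine "${opt:-off}" defaults to "${opt:-on}" in one hunk changes only the checklist's preselection, because the ":-" form substitutes solely when the variable is unset or empty; a caller that presets e.g. proc_debug=off still wins, so scripted installs are unaffected, but every interactive install now gets all nine options unless the user deselects them. Items 3, 7 and 8 (proc_debug, disable_syslogd, disable_sendmail) take away functionality users may be relying on (the reply below reports gdb hanging when starting a process with proc_debug on, with no indication why), so either keep those three at "off" or extend their labels the way item 7 already does with "(disables remote logging)", e.g. "3 proc_debug" "Disable process debugging facilities for unprivileged users (gdb cannot start processes as non-root)" ${proc_debug:-on} \, so the consequence is visible in the dialog rather than discovered afterwards.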
> making it easier to harden FreeBSD. While defaulting
> some of these options to "on" seems pretty harmless (e.g. random_pid),
> others are likely to cause confusion for new and experienced users alike
> (e.g. proc_debug. I've never used that option before, so I gave it a try.
> It simply causes gdb to hang when attempting to start a process, with no
> obvious indication of why). I think more discussion is merited before they
> are turned on by default; personally I think they have potential to sour a
> first impression of FreeBSD by making things people are used to doing on
> other OSes hard.

The audience of these changes is not someone like you, who's using gdb
daily. The audience is the new users who often don't know what they're
doing, why they're doing that and how to do it differently, especially when
it comes to security. Power users in most cases don't use bsdinstall to
install their systems; they use automation of some sort to fine-tune the OS
exactly to their needs and use case, and in their case this change is
transparent and doesn't affect them. What it affects is the default FreeBSD
installation and our poor track record of default installation security and
great track record for not changing and improving things just because
they've been like that for the past decade.

Kind regards,
Bartek Rutkowski