From: Bartłomiej Rutkowski
Date: Wed, 22 Feb 2017 07:56:52 +0000
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
To: Alexey Dokuchaev
Cc: Eric Badger, Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaev wrote:

> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > Thanks for working on making it easier to harden FreeBSD. While
> > defaulting some of these options to "on" seem pretty harmless (e.g.
> > random_pid), others are likely to cause confusion for new and
> > experienced users alike (e.g. proc_debug. I've never used that option
> > before, so I gave it a try. It simply causes gdb to hang when attempting
> > to start a process, with no obvious indication of why).
>
> I concur. In fact, harmless knobs should probably be turned on by default
> in FreeBSD itself (i.e., without any "hardening" help from the installer),
> while more intrusive ones should be opt-in, not opt-out.
>
> ./danfe
>

I strongly believe we should, by default, ship as secured and hardened as
possible in order to improve the overall security of new users' installations.
Power users will and do change the OS as they please; they most likely don't
use bsdinstall in the first place, so they're not affected in any way.

These options have been around forever, used by a lot of users (once they got
to know those even exist) and seem to cause no issues. However, despite that,
and numerous discussions and mail threads over the years, we've struggled to
enable them and, as you can see, we even struggle to present and make them
available via the installer. That's bad and I aim to change it :)

Kind regards,
Bartek Rutkowski