Date: Wed, 22 Feb 2017 10:13:41 -0800 From: Conrad Meyer <cem@freebsd.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: =?UTF-8?Q?Bart=C5=82omiej_Rutkowski?= <robak@freebsd.org>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts Message-ID: <CAG6CVpW=QbTwC%2BkRx4K2WJ5GJsA72_ZHZpOMrJs9BTw5q1KX7A@mail.gmail.com> In-Reply-To: <20170222180541.GG15630@zxy.spb.ru> References: <201702210937.v1L9bY6V093836@repo.freebsd.org> <28a4cf5e-2edd-3e30-9ecd-817f886e9ea3@FreeBSD.org> <20170221144002.GA87822@FreeBSD.org> <CAGFrfxaoQccZAt%2BRowF2eH5TS0poJUojhHMe=JFfutwoabhBDQ@mail.gmail.com> <20170222112335.GA29481@ymer.vnode.se> <CAG6CVpXhEStzrORrOEgpdZ_8p%2BNN8WL_ob18D2927Mkp2CS36A@mail.gmail.com> <20170222180541.GG15630@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov <slw@zxy.spb.ru> wrote= : > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote: > >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl <joel@vnode.se> wrote: >> > On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bart=C5=82omiej Rutkowski wr= ote: >> >> I strongly believe we should, by default, ship as secured and hardene= d as >> >> possible in order to improve overall security of new users installati= ons. >> >> Power users will and do change the OS as they please, they most likel= y >> >> don't use bsdinstall in first place, so they're not affected in any w= ay. >> > >> > Sorry, I strongly disagree with that. I'm most likely a "power user" a= nd I use >> > bsdinstall. >> >> Ditto. I'm also unfamiliar enough with the installer to trip on this >> kind of thing. Slawa's proposed "disable all" option would be fine. > > My english not enought fluent for more explicate proposal, from my > point most of this options do hardened in only limited cases, for > other cases same options do system more un-hardened by force working > as root. Some have unevident effects (/tmp cleaning, for example). Yep. I am not concerned about disabling sendmail or remote syslog by default, though. > For many users this options will be source of weird issuses (gdb don't > work? fucking ugly freebsd! migrate to linux). Yeah, I am concerned about this too. (Also: "ps doesn't work" would be a big newbie sysadmin headache.) > This is evil trend of enforcing weird solutions under the auspices of > 'my safety': airport security check, backgound check on every point, > lawfull intercept, block access to hardware management in safety > enviroment by 'leak ecnription'. I am enoght smart for self-sufficient > security risk assessment! > > Industry already have at some "hardened" BSD: OpenBSD and HardenedBSD. > Waht about market share? Best, Conrad
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpW=QbTwC%2BkRx4K2WJ5GJsA72_ZHZpOMrJs9BTw5q1KX7A>