Date:      Wed, 22 Feb 2017 18:10:04 -0500
From:      Allan Jude <allanjude@freebsd.org>
To:        Bryan Drewery <bdrewery@FreeBSD.org>, Bartek Rutkowski <robak@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
Message-ID:  <5a98141c-5614-372c-5786-1437cc40011a@freebsd.org>
In-Reply-To: <6550638c-a629-bf5e-65e0-672cfd125f73@FreeBSD.org>
References:  <201702210937.v1L9bY6V093836@repo.freebsd.org> <28a4cf5e-2edd-3e30-9ecd-817f886e9ea3@FreeBSD.org> <20170221144002.GA87822@FreeBSD.org> <20170222070733.GA29010@ymer.vnode.se> <6550638c-a629-bf5e-65e0-672cfd125f73@FreeBSD.org>

On 2017-02-22 15:26, Bryan Drewery wrote:
> On 2/21/2017 11:07 PM, Joel Dahl wrote:
>> On Tue, Feb 21, 2017 at 02:40:02PM +0000, Alexey Dokuchaev wrote:
>>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
>>>> Thanks for working on making it easier to harden FreeBSD. While
>>>> defaulting some of these options to "on" seem pretty harmless (e.g.
>>>> random_pid), others are likely to cause confusion for new and
>>>> experienced users alike (e.g. proc_debug. I've never used that option
>>>> before, so I gave it a try. It simply causes gdb to hang when attempting
>>>> to start a process, with no obvious indication of why).
>>>
>>> I concur.  In fact, harmless knobs should probably be turned on by default
>>> in FreeBSD itself (i.e., without any "hardening" help from the installer),
>>> while more intrusive ones should be opt-in, not opt-out.
>>
>> I agree. Can we back this out and discuss it on current@?
>>
>
> I concur.
> In the original review for adding this I predicted today would come,
> https://reviews.freebsd.org/D6826.  I still think that it is very
> under-designed and under-thought out.
>
> I personally agree with hardening my system, but I have a number of
> issues with this approach:
>
> 1. It makes *1 installation* method do hardening, while every other
> installation method, and *upgrade* methods not do hardening.  So someone
> upgrading from 11.0 to 12.0 won't get hardening, but someone installing
> from bsdinstall for 12.0 fresh will get it.  There should not be a
> distinction between our installation/upgrade methods like this.

I agree with this point, and it was brought up by nwhitehorn in the very
initial reviews.

There may be some value in giving these knobs wider testing before
turning them on, but -current may be a better place to do that.

Core is soon to announce a more formalized way to discuss and reach
consensus on these types of changes. robak@, can I ask that you back this
out for now, and we use that process to determine what the right set of
knobs to turn on by default is, and which should be up to the user?

>
> 2. It ignores that FreeBSD is *generic Operating System* that serves
> many workflows.  Developers want all of this off, System Administrators
> want all of it on, and Desktop users may want a compromise of half of it
> to allow various drivers to work (not pointing at any specific sysctl
> right now).
>
> I think what is really needed is a system profile that lets you pick the
> workflow you are going to use the system for, and then set some
> reasonable defaults from there.  We will never all agree on the same
> defaults because we all are using the systems differently, but we can
> find some compromise if we make Use Cases, such as a System Profile
> would entail.

I think that is a far better approach, but I am not sure what form it
would take. Maybe we can discuss it as a working group at BSDCan or
EuroBSDCon to hammer out a better system than the wide array of sysctls
we have.

Not just for these hardening ones, but even just for sizing things like
the maximum number of file descriptors, default socket buffer sizes, etc.

'Defaults for a web server'
'Defaults for a development laptop'
'Defaults for a poudriere build box'
etc.

>
> I too would like to see this backed out.
>


-- 
Allan Jude
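The thread names two of the installer's hardening options, random_pid and proc_debug, and Bryan's first point is that a host upgraded in place never gets them. As an added example that is not part of the thread, and not bsdinstall's own code, the script below audits a sysctl.conf for the knobs behind those two options so an admin can see what an upgraded host is missing. The option-to-sysctl mapping (random_pid -> kern.randompid=1, proc_debug -> security.bsd.unprivileged_proc_debug=0) is an assumption about the bsdinstall hardening menu of that era; the messages themselves do not state it.

```shell
#!/bin/sh
# Added example, not code from the thread or from bsdinstall: audit a
# sysctl.conf for the knobs behind two installer hardening options.
# Assumed mapping (not stated in the messages):
#   random_pid -> kern.randompid=1
#   proc_debug -> security.bsd.unprivileged_proc_debug=0

# knob_value FILE NAME: print the last value assigned to NAME in FILE.
# sysctl.conf is "name=value" per line, '#' starts a comment, and the
# last assignment wins, so a later "=1" overrides an earlier "=0".
knob_value() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
        | awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# audit_hardening FILE: print one line per knob and return the number of
# knobs that are absent or not at the hardened value (0 = all hardened).
audit_hardening() {
    file=$1
    missing=0
    for want in kern.randompid=1 security.bsd.unprivileged_proc_debug=0; do
        name=${want%%=*}
        value=${want#*=}
        have=$(knob_value "$file" "$name")
        if [ "$have" = "$value" ]; then
            echo "ok       $name=$have"
        else
            echo "MISSING  $name (want $value, have '${have:-unset}')"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: the installer set both knobs, then the admin turned
# proc_debug back on because gdb could not start processes with it off.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed /etc/sysctl.conf
kern.randompid=1
security.bsd.unprivileged_proc_debug=0   # written by bsdinstall
security.bsd.unprivileged_proc_debug=1   # re-enabled for debugging
EOF

audit_hardening "$SAMPLE" || echo "$? knob(s) not at the hardened value"
rm -f "$SAMPLE"
```

Run it against the real /etc/sysctl.conf on a host that was upgraded rather than freshly installed and every knob reports MISSING, which is exactly the inconsistency between install and upgrade paths the thread objects to. Extending the list to the other menu items is a matter of adding name=value pairs to the for loop.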