From owner-freebsd-hackers@freebsd.org Thu Dec 20 15:52:35 2018 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F587134B3A9 for ; Thu, 20 Dec 2018 15:52:35 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A04288621E for ; Thu, 20 Dec 2018 15:52:33 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-lj1-x242.google.com with SMTP id v1-v6so2022792ljd.0 for ; Thu, 20 Dec 2018 07:52:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=bNW+QQLK/72Wd2a4tEi2o/wCl92L13/oKhbszHzZMMI=; b=eeeWH3MdgCqn2VOoo3NePx2EKwTqRW/CcJZisSyCIKGvlH+vF+ZePabHqd2RGJRas2 CABiEfne9GBGnEO/FR/XRfTDkKxUYaJxA8sNQawu3bu9YYbFlkMizZfhc5ef0/Nkzsm1 cUpJW3iaTA+jYDJkqFLP2IO5NqpfKMoHZhZyDXM4xm+bl/vS+p5j51uE/s/7+9gW5i8J ROZue0AhQYUVPdeELT+wZA9QiHtCCMdK/Qdhy4LkctG2Y96ugYCt+5CnzTlEtgXQn0JY Q3FCFY04XnjrVzze0naHpU8IVIB+UgHy3/5/kkSpk5jWLQ6aYnMg2blFkhcnbQ8gQugn 3qvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=bNW+QQLK/72Wd2a4tEi2o/wCl92L13/oKhbszHzZMMI=; b=i8kk5hN0UBqal873xA5GTQFykr88DfadPkDJchyC3DfvLIQjoDtuqvHlOiK2v6YtMk IHyoEH/w/bP+wspCqaPYKdbv31Q3WDNrwIUxHYi2SlGDeDa1e+LnLB+NwodSazASxSnO Qb5MY16swxro/85rbHJ6nJ6pvytCJzAVRZI3nYZqTJAd2uvOEo6o3GrhVKEJUNSDV03r KYlsVukXXcms7kg32iximwbP2fqS3G5q257hBOsc1s15Zgz+xoEDWESLcoGY+jcnqmcW 30nD+F4og5FtmGYVGdHW1ifjrJPfLsJmFEQgptKJSqQoOHgjliW/crSRbUkEyXEjbrbd smZA== X-Gm-Message-State: AA+aEWb9CjHOaBm8eIqV/tdqRfQHAiKPubzW21/jo8qdjDrXzOlZngvY 6n93zNxRQxU6p8zUWbIVQhKe4A== X-Google-Smtp-Source: AFSGD/WadwpBOYvhu9tpEYRPlm/qgWNZ/0hRZKaDs7uX04HUjyX367YV8XxNRTNxRO1QRpmMa1zW9Q== X-Received: by 2002:a2e:4746:: with SMTP id u67-v6mr15422848lja.142.1545321152125; Thu, 20 Dec 2018 07:52:32 -0800 (PST) Received: from mutt-hbsd (tor-exit-node-ovh.analord.ml. [51.75.253.147]) by smtp.gmail.com with ESMTPSA id m63-v6sm4759618lje.81.2018.12.20.07.52.28 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 20 Dec 2018 07:52:31 -0800 (PST) Date: Thu, 20 Dec 2018 10:51:37 -0500 From: Shawn Webb To: Martin Wilke Cc: freebsd-hackers@FreeBSD.org, Joe Maloney , Marcelo Araujo , ken@ixsystems.com, kmoore@FreeBSD.org, wblock@FreeBSD.org Subject: Re: OpenRC on FreeBSD Message-ID: <20181220155137.4wze3ci4lypw47od@mutt-hbsd> References: <397FBAFF-2575-4AE4-B2BC-2DFDA769040A@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="dwar3i3dxczvy5wt" Content-Disposition: inline In-Reply-To: <397FBAFF-2575-4AE4-B2BC-2DFDA769040A@FreeBSD.org> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT FreeBSD 13.0-CURRENT HARDENEDBSD-13-CURRENT amd64 X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: NeoMutt/20180716 X-Rspamd-Queue-Id: A04288621E X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hardenedbsd.org header.s=google header.b=eeeWH3Md; spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates 2a00:1450:4864:20::242 as permitted sender) smtp.mailfrom=shawn.webb@hardenedbsd.org X-Spamd-Result: default: False [-4.68 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; MX_GOOD(-0.01)[alt1.aspmx.l.google.com,aspmx.l.google.com,aspmx2.googlemail.com,alt2.aspmx.l.google.com,aspmx3.googlemail.com]; RCPT_COUNT_SEVEN(0.00)[7]; RCVD_IN_DNSWL_NONE(0.00)[2.4.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_SHORT(-0.58)[-0.584,0]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(0.01)[ip: (3.17), ipnet: 2a00:1450::/32(-1.61), asn: 15169(-1.41), country: US(-0.08)] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Dec 2018 15:52:35 -0000 --dwar3i3dxczvy5wt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 19, 2018 at 10:36:04PM +0800, Martin Wilke wrote: > Service supervision and service monitoring: any service can be supervised= =2E Supervised services that crash are automatically restarted. The rc-stat= us command shows how many times a service has restarted. Can automatic restart be globally disabled? Automatic restart can cause security issues, especially in operating systems without modern exploit mitigations. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --dwar3i3dxczvy5wt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlwbuoQACgkQaoRlj1JF bu6ZZg//aAjrEstZxW7on8wHbgJYjnaf5pk5d561EqcLstAQ3R9kbTTCsvwVvupu whrdFDCUGvyJovCWKKvo1tqFM9vCgSYih1fq9FRqZqmq8XGWAgwfIgQyeuWoLyHD 2/+yuTx1K8ojzabBcBVFTB2Ltf2MIDkfTkxbZjIgkSJfl0N+Hhzx1xAkEF6PlO1w /DQJNWkgJLRpQQxreKdCGS4XVqgrtuVQdk3XqUloaOTTqxK6k2dUer9VvZUC6muq rM61pFZQGeIHLR4JXD5hAtneHVr/XrVc2pPjZFuSMb9+8yxH+LJUCgVBuZYIpomq MtdJZpat/lEqlU+0PdhGdCaCAdxWTCaMuGrE3xAyBQJ9WT7YV+fdXhHqc9RTQPla TC8zXsadLrDw/On2HLBg7QZIcuycEl5fVhJ8hxD6KXibPpAtk94t7VF1IlY7HjJJ 8ThgnxUhv+8piYxUrU0A2BJJU+KfXWm1jh4tNJfnTKtNGUPZafH8HQ64XMDzjs/i kijCJmY8J0MyjPeDO00mDNF1yYIxsCOCFFPfGP3I0TgfqSNEGyHxDhIUifUHowl6 434qNwcx/VBnbSnXf38jgb7RSurVXJBPwDhYwB7f7L/Zuw2DVQAg1LE1VBYlWJgo MPIid7LoGP96kPkb79KcJbtJc7Dl5QJF8VGVKwWXbZJMbTRbyYE= =o0k5 -----END PGP SIGNATURE----- --dwar3i3dxczvy5wt--