Date: Mon, 29 Nov 1999 13:27:42 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Dan Moschuk <dan@FreeBSD.org>, arch@freebsd.org, audit@freebsd.org Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h Message-ID: <Pine.BSF.4.21.9911291319580.51314-100000@hub.freebsd.org> In-Reply-To: <199911292104.NAA09106@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Nov 1999, Matthew Dillon wrote: > Hi Dan. Is it possible that we could adjust this feature to be enabled > with a config option? It seems to add a considerable amount of bulk to > the kernel that's deadweight for the people not using it. This raises some larger architectural issues which probably should be dealt with. Namely: * Changes which tighten security are arguably only useful if they're on by default, otherwise all the newbies will leave them off, and have (relatively speaking) insecure boxes. * Just what is the "scope" of the auditing project under which this change (and many others to come) falls? In other words, how much security do we (FreeBSD) want, and at what expense? Some of the OpenBSD changes have demonstrable security benefits, but they also carry a performance penalty. * Is adding a few bytes to the kernel size really an issue compared to the complexity of having 20 different config options to include/exclude various kernel security features? Personally, I'm quite happy with a policy of "include everything which doesn't have a large performance hit, by default, and have the rest defaulting to 'off' with a trivial way for people to turn it on", but maybe that's just me being a security weenie :-) Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9911291319580.51314-100000>