From: Bartek Rutkowski
Date: Fri, 21 Jul 2017 08:50:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r321326 - head/usr.sbin/bsdinstall/scripts
List-Id: SVN commit messages for the src tree for head/-current

Author: robak (ports committer)
Date: Fri Jul 21 08:50:22 2017
New Revision: 321326
URL: https://svnweb.freebsd.org/changeset/base/321326

Log:
  Remove stack guard option from hardening menu.

  Since kib's change the stack guard is now ON by default, this option in
  hardening menu of bsdinstall is no longer needed.

  Submitted by: Bartlomiej Rutkowski
  Reviewed by: bapt
  Approved by: bapt
  MFC after: 1 day
  Sponsored by: Pixeware LTD
  Differential Revision: https://reviews.freebsd.org/D11686

Modified:
  head/usr.sbin/bsdinstall/scripts/hardening

Modified: head/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/hardening Fri Jul 21 07:44:43 2017 (r321325)
+++ head/usr.sbin/bsdinstall/scripts/hardening Fri Jul 21 08:50:22 2017 (r321326)
@@ -42,11 +42,10 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \ "3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ "4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ "5 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ - "6 stack_guard" "Set stack guard buffer size to 2MB" ${stack_guard:-off} \ - "7 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ - "8 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ - "9 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ - "10 secure_console" "Enable console password prompt" ${secure_console:-off} \ + "6 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ + "7 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ + "8 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ + "9 secure_console" "Enable console password prompt" ${secure_console:-off} \ 2>&1 1>&3 ) exec 3>&- @@ -68,9 +67,6 @@ for feature in $FEATURES; do fi if [ "$feature" = "random_pid" ]; then echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening - fi - if [ "$feature" = "stack_guard" ]; then - echo security.bsd.stack_guard_page=512 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi if [ "$feature" = "clear_tmp" ]; then echo 'clear_tmp_enable="YES"' >> $BSDINSTALL_TMPETC/rc.conf.hardening
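Review bot: In the first hunk (the dialog checklist), removing the "6 stack_guard" entry also removes the only place where a preset `stack_guard` value was consulted (`${stack_guard:-off}`), so an install that sets that variable to pre-select the option will now silently get no entry and no sysctl line. Please mention this in the log or release notes so such setups know the variable is ignored. As a smaller style point, the hand-numbered tags mean this one removal rewrites four unrelated lines ("7 clear_tmp" becomes "6 clear_tmp", and so on through "secure_console"); the loop in the next hunk compares `$feature` against the bare name only, so the renumbering is cosmetic, but it is worth confirming that nothing else keys on the numeric prefix.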
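Review bot: In the second hunk (the `for feature in $FEATURES` loop), the removed branch did more than switch the guard on: it wrote `security.bsd.stack_guard_page=512`, which the menu described as "Set stack guard buffer size to 2MB", while the log message only says the guard is now ON by default and gives no size. Please state the default value of `security.bsd.stack_guard_page` in the log or the review, so it is clear whether systems that previously chose this option keep an equivalent guard or end up with a smaller one after a reinstall. If the default is smaller than 512 pages, a short note telling administrators how to set the value by hand in sysctl.conf would cover users who picked the option for the larger size.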