From owner-freebsd-audit  Mon Nov 29 18: 5:48 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id E17AC14A21; Mon, 29 Nov 1999 18:05:16 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id SAA13833;
	Mon, 29 Nov 1999 18:05:16 -0800 (PST)
	(envelope-from dillon)
Date: Mon, 29 Nov 1999 18:05:16 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199911300205.SAA13833@apollo.backplane.com>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Doug Barton <Doug@gorean.org>, Dan Moschuk <dan@FreeBSD.ORG>,
	arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c
         src/sys/libkern arc4random.c src/sys/sys libkern.h
References:  <Pine.BSF.4.21.9911291751510.65191-100000@hub.freebsd.org>
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:There will probably end up being 20 or so randomized features in the
:kernel, most of them trivial (~1 line) patches. As long as they're
:sysctl'able, is it really necessary to have each of them optionable?

    What if we just has a general security randomization option that
    applied to all of them, and then a sysctl to cover each of them?
    That would cover my concerns.

					    -Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message