From: Steven Kreuzer
Date: Tue, 9 Aug 2016 15:57:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r303877 - head/usr.sbin/bsdinstall/scripts

Author: skreuzer (doc,ports committer)
Date: Tue Aug 9 15:57:37 2016
New Revision: 303877
URL: https://svnweb.freebsd.org/changeset/base/303877

Log:
  Write kern.randompid to /etc/sysctl.conf

  PR: 211471
  Reported by: survo@protonmail.com
  Reviewed by: robak@
  Approved by: allanjude@
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D7440

Modified:
  head/usr.sbin/bsdinstall/scripts/hardening

Modified: head/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/hardening Tue Aug 9 15:56:33 2016 (r303876) +++ head/usr.sbin/bsdinstall/scripts/hardening Tue Aug 9 15:57:37 2016 (r303877) @@ -29,6 +29,7 @@ : ${DIALOG_OK=0} echo -n > $BSDINSTALL_TMPETC/rc.conf.hardening +echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening exec 3>&1 FEATURES=$( dialog --backtitle "FreeBSD Installer" \ 
@@ -39,7 +40,7 @@ FEATURES=$( dialog --backtitle "FreeBSD "hide_gids" "Hide processes running as other groups" ${hide_gids:-off} \ "read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ "proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ - "random_pid" "Randomize the PID of newly created processes" ${random_id:-off} \ + "random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ "stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \ "clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ "disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ @@ -60,7 +61,7 @@ for feature in $FEATURES; do if [ "$feature" = "proc_debug" ]; then echo security.bsd.unprivileged_proc_debug=0 >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi - if [ "$feature" = "random_id" ]; then + if [ "$feature" = "random_pid" ]; then echo kern.randompid=$(jot -r 1 9999) >> $BSDINSTALL_TMPETC/sysctl.conf.hardening fi if [ "$feature" = "stack_guard" ]; then
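Review bot: In the @@ -29,6 +29,7 @@ hunk, the added `echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening` uses the variable unquoted and unchecked, the same as the rc.conf.hardening line above it; if BSDINSTALL_TMPETC is empty or unset, the redirect targets /sysctl.conf.hardening at the root instead of the staging directory. Suggest quoting both redirect targets and bailing out early when the variable is empty. The log message also says the value is written to /etc/sysctl.conf, while the visible lines only touch the sysctl.conf.hardening staging file, so a comment or log line naming the step that carries it into the installed file would help the next reader.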
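Review bot: The default-variable rename on the "random_pid" row of the @@ -39,7 +40,7 @@ hunk is not mentioned in the log message. The checklist default moves from `${random_id:-off}` to `${random_pid:-off}`, so anything that preset random_id to pre-select this row now falls back to off. Suggest adding a line to the log noting the rename. Every row in this list repeats its tag by hand as the variable name, which is how the two drifted apart, so a short comment above the list stating that the variable must equal the tag would be a cheap guard.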
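Review bot: The corrected `if [ "$feature" = "random_pid" ]` test in the @@ -60,7 +61,7 @@ hunk shows that a tag matching none of the tests is skipped with no message: with the old "random_id" string, selecting the "random_pid" row wrote nothing to sysctl.conf.hardening. Suggest turning the chain into a case on "$feature" with a default branch that reports an unrecognised tag, so the next mismatch fails loudly. Separately, `jot -r 1 9999` passes a count and one further argument, and the value is chosen once at install time and then fixed in the file; a one-line comment stating the intended range for kern.randompid, and why a per-install random value is wanted, would document the choice.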