From owner-freebsd-security@freebsd.org  Wed Oct 26 12:12:50 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF18DC22A0A
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 26 Oct 2016 12:12:50 +0000 (UTC)
 (envelope-from tomek.cedro@gmail.com)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com
 [IPv6:2a00:1450:400c:c09::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 51587F3A;
 Wed, 26 Oct 2016 12:12:50 +0000 (UTC)
 (envelope-from tomek.cedro@gmail.com)
Received: by mail-wm0-x234.google.com with SMTP id d128so82004656wmf.1;
 Wed, 26 Oct 2016 05:12:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc:content-transfer-encoding;
 bh=f8X2eGDlBMZMrXYkMypbCf74+z+H4FRKAOdTtUbB9sA=;
 b=FoNFMIYcOcnA5YiWUFWxji6U+VKRgFvEECyjZ/KvqNJQFf/z+67sx+ZzarRC0mWux8
 /rIU2SHVF7ut0eVTh7xHBRjMAuUtGZx7+Rdy6IikRQldUCvWzusTPmy2SAdOp1limCri
 MpwMWzCwKDTkQlaG2HYfKHeibVTochAl9gbtXbKeck7UlFuX2pSNQVtdp0L13uSRUXG3
 NZqG5kZs+MIBEnOOqukeC1dDHLDIS1b3gXEV1uN31VNjDO8MMHpDLaUwPHLMf/ai06Vl
 o+A9f+1GIx+Xh/iuMLSy4H5fquG2GJN83APMLtgIC9kE4IBPDrAcUg9Mz8pcx7sNzQkL
 wUoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc:content-transfer-encoding;
 bh=f8X2eGDlBMZMrXYkMypbCf74+z+H4FRKAOdTtUbB9sA=;
 b=HNrihkETll5cD2jfOjwI5DqWyNHPRvhMMxx1AGwbCjytpBibj0P4ah8HNV+QojPBN2
 O6Tho3dMMiKaQFJzkIBuwDvtMgd3G0mpFb61SEy027gg6zxSHo9usz9i/iXwAPjb6DhH
 jsx9+mGETDX2jgjZc0yEbMnVToE2lGlIarmX76X87cmjVG7QcPF9KElEYVsNRX/qJXBy
 igLHnJ80v4F16GDtFRznw396jO9y405lyhcCigF5UgcUW4LVW9vHCvfqiU8GIeM1mPTA
 mL5vR5tRBd6ny8OqjFvaPETj1njUBUcZK3cXrN7rYUzwsmtp2FsH1nzlToPDQopd2b+Y
 MDpg==
X-Gm-Message-State: ABUngvcT5UfaTDilvnIDEp3E47w/zV9IaHzgEdOSrGmZfha9GYTSwkfueSly9C9E1spSViC+WxTVzRgTKEdIsg==
X-Received: by 10.194.85.229 with SMTP id k5mr1986213wjz.22.1477483968792;
 Wed, 26 Oct 2016 05:12:48 -0700 (PDT)
MIME-Version: 1.0
Sender: tomek.cedro@gmail.com
Received: by 10.28.178.132 with HTTP; Wed, 26 Oct 2016 05:12:28 -0700 (PDT)
In-Reply-To: <864m3zwdro.fsf@desk.des.no>
References: <20161025173641.BCDFD1911@freefall.freebsd.org>
 <20161026042748.GG60006@garage.freebsd.pl>
 <CAGMYy3v8KxuQfou0SmUNikghH-9NWfneoMPP_15F85WkDaUhKg@mail.gmail.com>
 <20161026061504.GH60006@garage.freebsd.pl>
 <0717BEFA-4E65-4990-AC50-FD80681C110C@FreeBSD.org>
 <CAFYkXjn39kKzcTY-pJObaVz8OGqbzCHE69kYAmRYtz5OX2kpAQ@mail.gmail.com>
 <868ttbwio9.fsf@desk.des.no>
 <CAFYkXjmYCLyQi-PHNtcP2-AALH=2QRwAWBoQDtypUvBtekTFag@mail.gmail.com>
 <864m3zwdro.fsf@desk.des.no>
From: CeDeROM <cederom@tlen.pl>
Date: Wed, 26 Oct 2016 14:12:28 +0200
X-Google-Sender-Auth: jkMliTnjcZ4iCcaQPvdinnPe2I8
Message-ID: <CAFYkXjmgvNz_LpkSJq7AeQp94oXJYvKcttFrYVKLEmmEvwNhkA@mail.gmail.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no>
Cc: "Robert N. M. Watson" <rwatson@freebsd.org>, freebsd-security@freebsd.org, 
 Pawel Jakub Dawidek <pjd@freebsd.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 12:12:50 -0000

On Wed, Oct 26, 2016 at 1:28 PM, Dag-Erling Sm=C3=B8rgrav <des@des.no> wrot=
e:
> That's like asking for a list of ways you can hurt yourself in your own
> home.  I could list a hundred, and there would still be thousands more I
> didn't think of.

I think it would be nice to have something like CIS Benchmark for
FreeBSD.. It could assess local settings and security. There are for
Linux, Windows, ... if we find anything disturbing we could simply
create and add a benchmark and recommendation for others to implement
and verify.. that could be nice complementary to SA / kernel patch at
admin level.

It works for others. It could work here :-)

--=20
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info