From owner-freebsd-current@FreeBSD.ORG  Thu Sep 30 18:49:09 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 43129106564A
	for <freebsd-current@FreeBSD.org>; Thu, 30 Sep 2010 18:49:09 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 1E5788FC1C
	for <freebsd-current@FreeBSD.org>; Thu, 30 Sep 2010 18:49:09 +0000 (UTC)
Received: from [192.168.2.105] (host86-161-142-69.range86-161.btcentralplus.com
	[86.161.142.69])
	by cyrus.watson.org (Postfix) with ESMTPSA id 2E61B46B2C;
	Thu, 30 Sep 2010 14:49:07 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: "Robert N. M. Watson" <rwatson@FreeBSD.org>
In-Reply-To: <4CA4D496.6080604@icyb.net.ua>
Date: Thu, 30 Sep 2010 19:49:05 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <99D3F3AD-27C1-45C4-B1FC-FFC8A63AF94D@FreeBSD.org>
References: <4CA4D496.6080604@icyb.net.ua>
To: Andriy Gapon <avg@icyb.net.ua>
X-Mailer: Apple Mail (2.1081)
Cc: freebsd-current@FreeBSD.org
Subject: Re: sysctls in kern_shutdown: add twin tunables
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Sep 2010 18:49:09 -0000


On 30 Sep 2010, at 19:19, Andriy Gapon wrote:

> http://people.freebsd.org/~avg/kern_shutdown-tunables.diff
>=20
> The above patch adds twin tunables for the following (R/W) sysctls:
> - debug.debugger_on_panic
> - debug.trace_on_panic
> - kern.sync_on_panic
>=20
> This seems useful to me, but I am not sure if I am not missing =
something
> important.  E.g. security-wise.
> It seems that I am not paranoid enough often times.


This change seems fine to me. Our trust model assumes that loader.conf =
will be properly protected (or rather, that if you don't protect =
loader.conf properly, you should expect unfortunate results).

Robert=