From: Bartłomiej Rutkowski <r@robakdesign.com>
Date: Wed, 22 Feb 2017 07:52:45 +0000
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
To: Eric Badger
Cc: Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
In-Reply-To: <28a4cf5e-2edd-3e30-9ecd-817f886e9ea3@FreeBSD.org>
References: <201702210937.v1L9bY6V093836@repo.freebsd.org> <28a4cf5e-2edd-3e30-9ecd-817f886e9ea3@FreeBSD.org>
List-Id: SVN commit messages for the src tree for head/-current

On Tue, Feb 21, 2017 at 2:34 PM, Eric Badger wrote:
> On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
>
>> Author: robak (ports committer)
>> Date: Tue Feb 21 09:37:33 2017
>> New Revision: 314036
>> URL: https://svnweb.freebsd.org/changeset/base/314036
>>
>> Log:
>>   Enable bsdinstall hardening options by default.
>>
>>   As discussed previously, in order to introduce new OS hardening
>>   defaults, we've added them to bsdinstall in 'off by default' mode.
>>   It has been there for a while, so the next step is to change them
>>   to 'on by default' mode, so that in future we could simply enable
>>   them in base OS.
>>
>>   Reviewed by:	brd
>>   Approved by:	adrian
>>   Differential Revision:	https://reviews.freebsd.org/D9641
>>
>> Modified:
>>   head/usr.sbin/bsdinstall/scripts/hardening
>>
>> Modified: head/usr.sbin/bsdinstall/scripts/hardening
>> ==============================================================================
>> --- head/usr.sbin/bsdinstall/scripts/hardening	Tue Feb 21 09:33:21 2017	(r314035)
>> +++ head/usr.sbin/bsdinstall/scripts/hardening	Tue Feb 21 09:37:33 2017	(r314036)
>> @@ -36,15 +36,15 @@ FEATURES=$( dialog --backtitle "FreeBSD >> --title "System Hardening" --nocancel --separate-output \ >> --checklist "Choose system security hardening options:" \ >> 0 0 0 \ >> - "0 hide_uids" "Hide processes running as other users" >> ${hide_uids:-off} \ >> - "1 hide_gids" "Hide processes running as other groups" >> ${hide_gids:-off} \ >> - "2 read_msgbuf" "Disable reading kernel message buffer for >> unprivileged users" ${read_msgbuf:-off} \ >> - "3 proc_debug" "Disable process debugging facilities for >> unprivileged users" ${proc_debug:-off} \ >> - "4 random_pid" "Randomize the PID of newly created processes" >> ${random_pid:-off} \ >> - "5 stack_guard" "Insert stack guard page ahead of the growable >> segments" ${stack_guard:-off} \ >> - "6 clear_tmp" "Clean the /tmp filesystem on system startup" >> ${clear_tmp:-off} \ >> - "7 disable_syslogd" "Disable opening Syslogd network socket >> (disables remote logging)" ${disable_syslogd:-off} \ >> - "8 disable_sendmail" "Disable Sendmail service" >> ${disable_sendmail:-off} \ >> + "0 hide_uids" "Hide processes running as other users" >> ${hide_uids:-on} \ >> + "1 hide_gids" "Hide processes running as other groups" >> ${hide_gids:-on} \ >> + "2 read_msgbuf" "Disable reading kernel message buffer for >> unprivileged users" ${read_msgbuf:-on} \ >> + "3 proc_debug" "Disable process debugging facilities for >> unprivileged users" ${proc_debug:-on} \ >> + "4 random_pid" "Randomize the PID of newly created processes" >> ${random_pid:-on} \ >> + "5 stack_guard" "Insert stack guard page ahead of the growable >> segments" ${stack_guard:-on} \ >> + "6 clear_tmp" "Clean the /tmp filesystem on system startup" >> ${clear_tmp:-on} \ >> + "7 disable_syslogd" "Disable opening Syslogd network socket >> (disables remote logging)" ${disable_syslogd:-on} \ >> + "8 disable_sendmail" "Disable Sendmail service" >> ${disable_sendmail:-on} \ >> 2>&1 1>&3 ) >> exec 3>&- >>
>>
>
> Hi Bartek,
>
> Thanks for working on making it easier to harden FreeBSD. While defaulting
> some of these options to "on" seems pretty harmless (e.g. random_pid),
> others are likely to cause confusion for new and experienced users alike
> (e.g. proc_debug. I've never used that option before, so I gave it a try.
> It simply causes gdb to hang when attempting to start a process, with no
> obvious indication of why). I think more discussion is merited before they
> are turned on by default; personally I think they have potential to sour a
> first impression of FreeBSD by making things people are used to doing on
> other OSes hard.

The audience of these changes is not someone like you, who is using gdb daily. The audience is the new users who often don't know what they're doing, why they're doing it and how to do it differently, especially when it comes to security. Power users in most cases don't use bsdinstall to install their systems; they use automation of some sort to fine-tune the OS exactly to their needs and use case, and in their case this change is transparent and doesn't affect them. What it affects is the default FreeBSD installation and our poor track record of default installation security and great track record for not changing and improving things just because they've been like that for the past decade.

Kind regards,
Bartek Rutkowski
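Review bot: the hunk flips every one of the nine `${option:-off}` defaults to `${option:-on}` in one go, yet the log does not say which of them carry user-visible side effects even though two of the checklist strings announce them ("7 disable_syslogd" says "(disables remote logging)" and "3 proc_debug" disables "process debugging facilities for unprivileged users"); a Relnotes: line and a sentence listing the flipped defaults would let release notes and the installer documentation carry the change. Also worth stating in the log: because these are `:-` expansions, a scripted install that pre-sets a variable (say `proc_debug=off`) keeps its value, and only the interactive path, where the variables are unset, picks up the new "on" defaults, which bounds the scope of the change.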