From owner-svn-src-head@freebsd.org Wed Jul 5 17:37:32 2017
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Sender: Renato Botelho
Subject: Re: svn commit: r320674 - head/usr.sbin/bsdinstall/scripts
To: Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
References: <201707051337.v65DbRD2019178@repo.freebsd.org>
From: Renato Botelho
Message-ID: <4def0b91-f54a-2038-5fe3-9a860f3317dc@FreeBSD.org>
Date: Wed, 5 Jul 2017 14:37:27 -0300
In-Reply-To: <201707051337.v65DbRD2019178@repo.freebsd.org>
List-Id: SVN commit messages for the src tree for head/-current

On 05/07/17 10:37, Bartek Rutkowski wrote:
> Author: robak (ports committer)
> Date: Wed Jul 5 13:37:27 2017
> New Revision: 320674
> URL: https://svnweb.freebsd.org/changeset/base/320674
>
> Log:
> Add option to bsdinstall to disable insecure console, update stack guard option
>
> This patch adds new bsdinstall option to hardening section that allows users
> to change this behaviour to secure one and updates stack guard option so it
> would set the value of relevant sysctl to 512 (2MB)
>
> Submitted by: Bartek Rutkowski
> Reviewed by: adrian, bapt, emaste
> Approved by: bapt, emaste
> MFC after: 1 day
> Sponsored by: Pixeware LTD
> Differential Revision: https://reviews.freebsd.org/D9700
>
> Modified:
> head/usr.sbin/bsdinstall/scripts/config
> head/usr.sbin/bsdinstall/scripts/hardening
>
> Modified: head/usr.sbin/bsdinstall/scripts/config
> ==============================================================================
> --- head/usr.sbin/bsdinstall/scripts/config Wed Jul 5 13:13:38 2017 (r320673)
> +++ head/usr.sbin/bsdinstall/scripts/config Wed Jul 5 13:37:27 2017 (r320674)
> @@ -35,6 +35,11 @@ rm $BSDINSTALL_TMPETC/rc.conf.* > cat $BSDINSTALL_CHROOT/etc/sysctl.conf $BSDINSTALL_TMPETC/sysctl.conf.* >> $BSDINSTALL_TMPETC/sysctl.conf > rm $BSDINSTALL_TMPETC/sysctl.conf.* > > +if [ -f $BSDINSTALL_TMPTEC/ttys.hardening ]; then > + cat $BSDINSTALL_TMPTEC/ttys.hardening > $BSDINSTALL_TMPTEC/ttys > + rm $BSDINSTALL_TMPTEC/ttys.hardening > +fi > + > cp $BSDINSTALL_TMPETC/* $BSDINSTALL_CHROOT/etc > > cat $BSDINSTALL_TMPBOOT/loader.conf.* >> $BSDINSTALL_TMPBOOT/loader.conf > > Modified: head/usr.sbin/bsdinstall/scripts/hardening > ============================================================================== > --- head/usr.sbin/bsdinstall/scripts/hardening Wed Jul 5 13:13:38 2017 (r320673) > +++ head/usr.sbin/bsdinstall/scripts/hardening Wed Jul 5 13:37:27 2017 (r320674) > @@ -42,10 +42,11 @@ FEATURES=$( dialog --backtitle "FreeBSD Installer" \ > "3 read_msgbuf" "Disable reading kernel message buffer for unprivileged users" ${read_msgbuf:-off} \ > "4 proc_debug" "Disable process debugging facilities for unprivileged users" ${proc_debug:-off} \ > "5 random_pid" "Randomize the PID of newly created processes" ${random_pid:-off} \ > - "6 stack_guard" "Insert stack guard page ahead of the growable segments" ${stack_guard:-off} \ > + "6 stack_guard" "Set stack guard buffer size to 2MB" ${stack_guard:-off} \ > "7 clear_tmp" "Clean the /tmp filesystem on system startup" ${clear_tmp:-off} \ > "8 disable_syslogd" "Disable opening Syslogd network socket (disables remote logging)" ${disable_syslogd:-off} \ > "9 disable_sendmail" "Disable Sendmail service" ${disable_sendmail:-off} \ > + "9 secure_console" "Enable console password prompt" ${secure_console:-off} \ There are two options '9' now -- Renato Botelho
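Review bot: the three added lines in the scripts/config hunk spell the variable `$BSDINSTALL_TMPTEC`, while every surrounding line in the same hunk uses `$BSDINSTALL_TMPETC`. Since the misspelled name is unset, `$BSDINSTALL_TMPTEC/ttys.hardening` expands to `/ttys.hardening`, the `-f` test fails, and the hardened ttys file is never copied into place, so a user who ticks the new option still ends up with the insecure console and gets no error telling them so. Suggest `if [ -f $BSDINSTALL_TMPETC/ttys.hardening ]; then` (and the same fix on the `cat` and `rm` lines); quoting the expansions, as in `"$BSDINSTALL_TMPETC/ttys.hardening"`, would also make a future unset variable fail loudly instead of silently testing a path at `/`.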
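Review bot: in the scripts/hardening hunk the new `secure_console` entry is tagged `"9 secure_console"`, but the `disable_sendmail` line immediately above it already uses tag 9; dialog checklist tags must be unique, so the second one should be `"10 secure_console"` (this is the duplicate Renato points out in his reply). Separately, the relabelled line `"6 stack_guard" "Set stack guard buffer size to 2MB"` matches the commit log's "512 (2MB)", but this hunk only changes the menu text; the code that actually writes the sysctl value is not in the visible diff, so the description and the applied value should be checked against each other before merge.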