Author: allanjude
Date: Mon Oct  2 14:19:31 2017
New Revision: 324206
URL: https://svnweb.freebsd.org/changeset/base/324206

Log:
  bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
  
  Enabling the PID randomization option in bsdinstall(8)'s hardening menu
  now randomizes the effective value of kern.randompid on each boot.
  
  Previous behaviour:
  When kern.randompid was enabled via the bsdinstall(8) hardening menu,
  a random value was generated and placed in the system's /etc/sysctl.conf as
  kern.randompid=value
  This makes the value of kern.randompid static across reboots.
  
  New behaviour:
  When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
  line kern.randompid=1 is placed in the system's /etc/sysctl.conf.
  This takes advantage of a new kernel feature and makes the value of
  kern.randompid be randomized by the kernel on each reboot.
  
  Submitted by: Marie Helene Kvello-Aune <[email protected]>
  Reviewed by:  des
  MFC after:    2 weeks
  Differential Revision:        https://reviews.freebsd.org/D12433

Modified:
  head/usr.sbin/bsdinstall/scripts/hardening

Modified: head/usr.sbin/bsdinstall/scripts/hardening
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/hardening  Mon Oct  2 12:54:01 2017        
(r324205)
+++ head/usr.sbin/bsdinstall/scripts/hardening  Mon Oct  2 14:19:31 2017        
(r324206)
@@ -66,7 +66,7 @@ for feature in $FEATURES; do
                echo security.bsd.unprivileged_proc_debug=0 >> 
$BSDINSTALL_TMPETC/sysctl.conf.hardening
        fi
        if [ "$feature" = "random_pid" ]; then
-               echo kern.randompid=$(jot -r 1 9999) >> 
$BSDINSTALL_TMPETC/sysctl.conf.hardening
+               echo kern.randompid=1 >> 
$BSDINSTALL_TMPETC/sysctl.conf.hardening
        fi
        if [ "$feature" = "clear_tmp" ]; then
                echo 'clear_tmp_enable="YES"' >> 
$BSDINSTALL_TMPETC/rc.conf.hardening
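
Review bot: The literal 1 written by the new `echo kern.randompid=1` line in the random_pid branch is a sentinel whose meaning is explained only in the commit log; nothing in the script or in the generated sysctl.conf.hardening tells a later reader that 1 asks the kernel to choose the value at each boot rather than being the value itself. A one-line comment above the echo, for example `# 1 = kernel picks a random value on each boot`, would make that clear. Because the line now depends on the kernel feature the log refers to, it is also worth confirming that the planned MFC only lands on branches that already carry that kernel change.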