On 2/21/2017 11:07 PM, Joel Dahl wrote: > On Tue, Feb 21, 2017 at 02:40:02PM +0000, Alexey Dokuchaev wrote: >> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote: >>> Thanks for working on making it easier to harden FreeBSD. While >>> defaulting some of these options to "on" seem pretty harmless (e.g. >>> random_pid), others are likely to cause confusion for new and >>> experienced users alike (e.g. proc_debug. I've never used that option >>> before, so I gave it a try. It simply causes gdb to hang when attempting >>> to start a process, with no obvious indication of why). >> >> I concur. In fact, harmless knobs should probably be turned on by default >> in FreeBSD itself (i.e., without any "hardening" help from the installer), >> while more intrusive ones should be opt-in, not opt-out. > > I agree. Can we back this out and discuss it on current@? >
I concur. In the original review for adding this I predicted today would come, https://reviews.freebsd.org/D6826. I still think that it is very under-designed and under-thought out. I personally agree with hardening my system, but I have a number of issues with this approach: 1. It makes *1 installation* method do hardening, while every other installation method, and *upgrade* methods not do hardening. So someone upgrading from 11.0 to 12.0 won't get hardening, but someone installing from bsdinstall for 12.0 fresh will get it. There should not be a distinction between our installation/upgrade methods like this. 2. It ignores that FreeBSD is *generic Operating System* that serves many workflows. Developers want all of this off, System Administrators want all of it on, and Desktop users may want a compromise of half of it to allow various drivers to work (not pointing at any specific sysctl right now). I think what is really needed is a system profile that lets you pick the workflow you are going to use the system for, and then set some reasonable defaults from there. We will never all agree on the same defaults because we all are using the systems differently, but we can find some compromise if we make Use Cases, such as a System Profile would entail. I too would like to see this backed out. -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
