On Wed, Feb 22, 2017 at 06:10:04PM -0500, Allan Jude wrote:
> Core is soon to announce a more formalized way to discuss and reach
> consensus on these types of changes. robak@ can I ask that you back this
> out for now, and we use that process to determine what the right set of
> knobs to turn o
On 2/22/2017 3:10 PM, Allan Jude wrote:
> On 2017-02-22 15:26, Bryan Drewery wrote:
>> On 2/21/2017 11:07 PM, Joel Dahl wrote:
>>> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> Thanks for working on making i
On 2017-02-22 15:26, Bryan Drewery wrote:
> On 2/21/2017 11:07 PM, Joel Dahl wrote:
>> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
>>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
Thanks for working on making it easier to harden FreeBSD. While
default
On Wed, Feb 22, 2017 at 2:46 PM, Ngie Cooper wrote:
...
> (Piggybacking on this thread) Silly question -- can all of these knobs
> please default to off and have a global knob, like securelevel..? Fine
> grained security is great, but it's really cumbersome tweaking
> everything properly if you do
On Wed, Feb 22, 2017 at 12:26 PM, Bryan Drewery wrote:
...
> I concur.
> In the original review for adding this I predicted today would come,
> https://reviews.freebsd.org/D6826. I still think that it is very
> under-designed and under-thought out.
>
> I personally agree with hardening my system,
On 2/21/2017 11:07 PM, Joel Dahl wrote:
> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
>> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
>>> Thanks for working on making it easier to harden FreeBSD. While
>>> defaulting some of these options to "on" seem pretty ha
On Wed, Feb 22, 2017 at 10:13:41AM -0800, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov wrote:
> > On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >
> >> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
> >> > On Wed, Feb 22, 2017 at 07:56:52AM +
On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote:
> On 2017-02-22 13:13, Conrad Meyer wrote:
> > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov
> > wrote:
> >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >>
> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrot
On 2017-02-22 13:13, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov wrote:
>> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
>>
>>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrot
On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov wrote:
> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
>
>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
>> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
>> >> I strongly believe we should, by defa
On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
> > On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> >> I strongly believe we should, by default, ship as secured and hardened as
> >> possible in order to impr
On Wednesday, February 22, 2017 07:52:45 AM Bartłomiej Rutkowski wrote:
> On Tue, Feb 21, 2017 at 2:34 PM, Eric Badger wrote:
>
> > On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
> >
> >> Author: robak (ports committer)
> >> Date: Tue Feb 21 09:37:33 2017
> >> New Revision: 314036
> >> URL: http
On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
> On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
>> I strongly believe we should, by default, ship as secured and hardened as
>> possible in order to improve overall security of new users installations.
>> Power users will an
On Tue, Feb 21, 2017 at 09:37:34AM +, Bartek Rutkowski wrote:
> Author: robak (ports committer)
> Date: Tue Feb 21 09:37:33 2017
> New Revision: 314036
> URL: https://svnweb.freebsd.org/changeset/base/314036
>
> Log:
> Enable bsdinstall hardening options by default.
>
> As discussed pr
On Wed, Feb 22, 2017 at 07:56:52AM +, Bartłomiej Rutkowski wrote:
> On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaev wrote:
>
> > On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > > Thanks for working on making it easier to harden FreeBSD. While
> > > defaulting some of these
On Wed, Feb 22, 2017 at 8:32 AM, Alexey Dokuchaev wrote:
> On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote:
> > These options have been around forever, used by a lot of users (once they
> > got to know those even exist) and seem to cause no issues. However,
> despite
> > tha
On Wed, Feb 22, 2017 at 07:56:52AM +, Bart??omiej Rutkowski wrote:
> These options have been around forever, used by a lot of users (once they
> got to know those even exist) and seem to cause no issues. However, despite
> that, and numerous discussions and mail threads over the years, we've
>
On Tue, Feb 21, 2017 at 2:40 PM, Alexey Dokuchaev wrote:
> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > Thanks for working on making it easier to harden FreeBSD. While
> > defaulting some of these options to "on" seem pretty harmless (e.g.
> > random_pid), others are likely to
On Tue, Feb 21, 2017 at 2:34 PM, Eric Badger wrote:
> On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
>
>> Author: robak (ports committer)
>> Date: Tue Feb 21 09:37:33 2017
>> New Revision: 314036
>> URL: https://svnweb.freebsd.org/changeset/base/314036
>>
>> Log:
>> Enable bsdinstall hardening
On Wed, Feb 22, 2017 at 7:07 AM, Joel Dahl wrote:
> On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
> > On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > > Thanks for working on making it easier to harden FreeBSD. While
> > > defaulting some of these options to "o
On Tue, Feb 21, 2017 at 02:40:02PM +, Alexey Dokuchaev wrote:
> On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> > Thanks for working on making it easier to harden FreeBSD. While
> > defaulting some of these options to "on" seem pretty harmless (e.g.
> > random_pid), others are li
On Tue, Feb 21, 2017 at 08:34:29AM -0600, Eric Badger wrote:
> Thanks for working on making it easier to harden FreeBSD. While
> defaulting some of these options to "on" seem pretty harmless (e.g.
> random_pid), others are likely to cause confusion for new and
> experienced users alike (e.g. proc_d
On 02/21/2017 03:37 AM, Bartek Rutkowski wrote:
Author: robak (ports committer)
Date: Tue Feb 21 09:37:33 2017
New Revision: 314036
URL: https://svnweb.freebsd.org/changeset/base/314036
Log:
Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new O
Author: robak (ports committer)
Date: Tue Feb 21 09:37:33 2017
New Revision: 314036
URL: https://svnweb.freebsd.org/changeset/base/314036
Log:
Enable bsdinstall hardening options by default.
As discussed previously, in order to introduce new OS hardening
defaults, we've added them to bsdi
24 matches
Mail list logo