The ASLR feature is now disabled on 32- and enabled on 64-bit
architectures. Reflect these changes in the hardening dialog menu.
In order to handle both cases in a single menu tick the "enable_aslr"
option on the 64-bit platforms.
mw on Nov 4 2021, 3:44 PM.Authored by
New options should be positive logic always, even if the default is to set them to true. It's proven less confusing over time to do this than have the negative logic. Especially if we ever need to change the default.
Would you prefer then to:
If yes, I can invert the proposed logic, however the script may get a bit more messy.
I originally made some suggestions on sense of the controls (+ve or -ve) in earlier comments but did not yet think about this holistically. We (@mw, myself, and others) discussed this on a call last week, and on further reflection I think we should just revert R10:020f4112559e. Right now (prior to ASLR default changes) that menu exists to turn on "mitigation"/"hardening" options that are not enabled by default. With ASLR defaulting to on IMO it's clearer to just remove the option from the menu - including options that are already on by default will be more confusing IMO.
Thanks. I will abandon this patch and I'm planning to add a following comment in the revert commit message:
Because now ASLR is enabled by default for 64-bit architectures and the purpose of the installation menu is to allow choosing additional 'mitigation'/'hardening' options that are originally disabled, remove the ASLR knob from bsdinstall.
Please me know if it's sufficient.