Page MenuHomeFreeBSD

bsdinstall: add a hardening knob for unprivileged kenv access
AcceptedPublic

Authored by kevans on Mon, Jun 22, 8:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jun 28, 5:44 AM
Unknown Object (File)
Sat, Jun 27, 4:46 PM
Unknown Object (File)
Fri, Jun 26, 2:36 PM
Unknown Object (File)
Fri, Jun 26, 1:59 PM
Unknown Object (File)
Fri, Jun 26, 9:51 AM
Unknown Object (File)
Wed, Jun 24, 3:01 PM
Subscribers

Details

Summary

It makes sense.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 74118
Build 71001: arc lint + arc unit

Event Timeline

Ping- this is relatively simple, so I may just commit it later this week, unless someone has time to give it a once-over.

Implementation-wise it seems reasonable, but every time bsdinstall hardening gains an option the security world cries out in pain over having sensible defaults and good UX :')

Implementation-wise it seems reasonable, but every time bsdinstall hardening gains an option the security world cries out in pain over having sensible defaults and good UX :')

Ah shit, sorry, I should have added you as well. My hope is that I can MFC the original change and this one, then try to convince -arch@ that this should just be the default behavior for 16.0 and the knob can go away again.

This revision is now accepted and ready to land.Tue, Jun 30, 1:58 AM