Revision tags: release/14.0.0 |
|
#
c0e249d3 |
| 15-Aug-2023 |
Lars Kellogg-Stedman <lars@oddbit.com> |
bsdinstall: avoid conflicts with fd 3
Throughout the bsdinstall script fd 3 is used by f_dprintf (set through $TERMINAL_STDOUT_PASSTHRU). In several places in the bsdinstalls scripts, we use fd 3 to
bsdinstall: avoid conflicts with fd 3
Throughout the bsdinstall script fd 3 is used by f_dprintf (set through $TERMINAL_STDOUT_PASSTHRU). In several places in the bsdinstalls scripts, we use fd 3 to juggle stdout when calling out to other tools, which can cause the installer to fail with a "Bad file descriptor" error when f_dprintf attempts to use it.
This commit replaces all constructs like this:
exec 3>&1 SOME_VARIABLE=$(some command 2>&1 1>&3) exec 3>&-
With:
exec 5>&1 SOME_VARIABLE=$(some command 2>&1 1>&5) exec 5>&-
PR: 273148 Reviewed by: corvink Fixes: 1f7746d81f53447ac15cc99395bb714d4dd0a4da ("bsdinstall: stop messing with file descriptors") MFC after: 1 week
show more ...
|
#
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
fe06db18 |
| 01-Jun-2023 |
Baptiste Daroussin <bapt@FreeBSD.org> |
bsdinstall: remove sendmail hardening option
sendmail is fully disabled in 14.0 by default
Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D40367
|
Revision tags: release/13.2.0, release/12.4.0 |
|
#
cc42ef53 |
| 24-May-2022 |
Brad Davis <brd@FreeBSD.org> |
bsdinstall: allow whitelabeling the scripts
Approved by: allanjude, asiciliano Differential Revision: https://reviews.freebsd.org/D35197 Sponsored by: Rubicon Communications, LLC ("Netgate")
|
Revision tags: release/13.1.0 |
|
#
4d1ba6fe |
| 23-Mar-2022 |
Alfonso S. Siciliano <asiciliano@FreeBSD.org> |
bsdinstall hardening: Replace dialog with bsddialog
bsdinstall/scripts/hardening: Replace (LGPL) dialog utility with (BSD-2-CLAUSE) dialog utility.
Approved by: bapt (mentor) Differential Revision
bsdinstall hardening: Replace dialog with bsddialog
bsdinstall/scripts/hardening: Replace (LGPL) dialog utility with (BSD-2-CLAUSE) dialog utility.
Approved by: bapt (mentor) Differential Revision: https://reviews.freebsd.org/D34102
show more ...
|
Revision tags: release/12.3.0 |
|
#
bf410c6e |
| 12-Nov-2021 |
Marcin Wojtas <mw@FreeBSD.org> |
Revert "bsdinstall: add knob to set ASLR sysctls"
This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a.
Because now ASLR is enabled by default for 64-bit architectures and the purpose of th
Revert "bsdinstall: add knob to set ASLR sysctls"
This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a.
Because now ASLR is enabled by default for 64-bit architectures and the purpose of the installation menu is to allow choosing additional 'mitigation'/'hardening' options that are originally disabled, remove the ASLR knob from bsdinstall.
Discussed with: emaste Obtained from: Semihalf Sponsored by: Stormshield
show more ...
|
Revision tags: release/13.0.0 |
|
#
020f4112 |
| 29-Jan-2021 |
Ed Maste <emaste@FreeBSD.org> |
bsdinstall: add knob to set ASLR sysctls
Reviewed by: mw Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D28418
|
#
fbc57e2d |
| 29-Jan-2021 |
Ed Maste <emaste@FreeBSD.org> |
bsdinstall: replace multiple ifs with case
Reduce copy-paste and use a more typical construct.
Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D28417
|
Revision tags: release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
#
01d4e214 |
| 05-Oct-2018 |
Glen Barber <gjb@FreeBSD.org> |
MFH r338661 through r339200.
Sponsored by: The FreeBSD Foundation
|
#
ce44d808 |
| 27-Sep-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r338731 through r338987.
|
#
c3afb29b |
| 21-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add an installer option to disable destructive dtrace.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com> Approved by: re (kib) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D
Add an installer option to disable destructive dtrace.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com> Approved by: re (kib) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D12474
show more ...
|
Revision tags: release/11.2.0 |
|
#
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
#
50896984 |
| 10-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324482
|
#
f78bd12d |
| 02-Oct-2017 |
Allan Jude <allanjude@FreeBSD.org> |
bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
Enabling the PID randomization option in bsdinstall(8)'s hardening menu now randomizes the effective value of kern.randompid on e
bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
Enabling the PID randomization option in bsdinstall(8)'s hardening menu now randomizes the effective value of kern.randompid on each boot.
Previous behaviour: When kern.randompid was enabled via the the bsdinstall(8) hardening menu, a random value was generated and placed in the systems /etc/sysctl.conf as kern.randompid=value This makes the value of kern.randompid static across reboots.
New behaviour: When kern.randompid is enabled via the bsdinstall(8) hardening menu, the line kern.randompid=1 is placed in the systems /etc/sysctl.conf. This takes advantage of a new kernel feature and makes the value of kern.randompid be randomized by the kernel on each reboot.
Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com> Reviewed by: des MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D12433
show more ...
|
Revision tags: release/10.4.0 |
|
#
531c2d7a |
| 24-Jul-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r320180
|
#
bca9d05f |
| 23-Jul-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r319973 through 321382.
|
#
90a5403f |
| 21-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r321307 through r321350.
|
#
391aafd7 |
| 21-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Remove stack guard option from hardening menu.
Since kib's change the stack guard is now ON by default, this option in hardening menu of bsdinstall is no longer needed.
Submitted by: Bartlomiej Rut
Remove stack guard option from hardening menu.
Since kib's change the stack guard is now ON by default, this option in hardening menu of bsdinstall is no longer needed.
Submitted by: Bartlomiej Rutkowski <robak@FreeBSD.org> Reviewed by: bapt Approved by: bapt MFC after: 1 day Sponsored by: Pixeware LTD Differential Revision: https://reviews.freebsd.org/D11686
show more ...
|
Revision tags: release/11.1.0 |
|
#
d2043ca3 |
| 14-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320573 through r320970.
|
#
2669f7eb |
| 06-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
usr.sbin/bsdinstall/scripts/hardening: fix options numbers
Submitted by: Bartek Rutkowski <robak@FreeBSD.org> Reviewed by: bapt Approved by: bapt MFC after: 1 day Differential Revision: https://revi
usr.sbin/bsdinstall/scripts/hardening: fix options numbers
Submitted by: Bartek Rutkowski <robak@FreeBSD.org> Reviewed by: bapt Approved by: bapt MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D11505
show more ...
|
#
82ec242f |
| 05-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users to change this behaviour to secure one an
Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users to change this behaviour to secure one and updates stack guard option so it would set the value of relevant sysctl to 512 (2MB)
Submitted by: Bartek Rutkowski Reviewed by: adrian, bapt, emaste Approved by: bapt, emaste MFC after: 1 day Sponsored by: Pixeware LTD Differential Revision: https://reviews.freebsd.org/D9700
show more ...
|
#
f6e653bb |
| 02-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320398 through r320572.
|
#
d8061eff |
| 29-Jun-2017 |
Steve Wills <swills@FreeBSD.org> |
Add hardening menu item for security.bsd.see_jail_proc
Approved by: allanjude Differential Revision: https://reviews.freebsd.org/D11283
|
#
2434a052 |
| 17-Mar-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Revert changes introduced in r314036 on demand by jhb and bapt.
Approved by: bapt, jhb
|
#
6ae9acde |
| 23-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313896 through r314128.
|