|
Revision tags: release/14.0.0 |
|
| #
c0e249d3 |
| 15-Aug-2023 |
Lars Kellogg-Stedman <lars@oddbit.com> |
bsdinstall: avoid conflicts with fd 3
Throughout the bsdinstall script fd 3 is used by f_dprintf (set through
$TERMINAL_STDOUT_PASSTHRU). In several places in the bsdinstalls scripts,
we use fd 3 to
bsdinstall: avoid conflicts with fd 3
Throughout the bsdinstall script fd 3 is used by f_dprintf (set through
$TERMINAL_STDOUT_PASSTHRU). In several places in the bsdinstalls scripts,
we use fd 3 to juggle stdout when calling out to other tools, which can
cause the installer to fail with a "Bad file descriptor" error when
f_dprintf attempts to use it.
This commit replaces all constructs like this:
exec 3>&1
SOME_VARIABLE=$(some command 2>&1 1>&3)
exec 3>&-
With:
exec 5>&1
SOME_VARIABLE=$(some command 2>&1 1>&5)
exec 5>&-
PR: 273148
Reviewed by: corvink
Fixes: 1f7746d81f53447ac15cc99395bb714d4dd0a4da ("bsdinstall: stop messing with file descriptors")
MFC after: 1 week
show more ...
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| #
fe06db18 |
| 01-Jun-2023 |
Baptiste Daroussin <bapt@FreeBSD.org> |
bsdinstall: remove sendmail hardening option
sendmail is fully disabled in 14.0 by default
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D40367
|
|
Revision tags: release/13.2.0, release/12.4.0 |
|
| #
cc42ef53 |
| 24-May-2022 |
Brad Davis <brd@FreeBSD.org> |
bsdinstall: allow whitelabeling the scripts
Approved by: allanjude, asiciliano
Differential Revision: https://reviews.freebsd.org/D35197
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
|
Revision tags: release/13.1.0 |
|
| #
4d1ba6fe |
| 23-Mar-2022 |
Alfonso S. Siciliano <asiciliano@FreeBSD.org> |
bsdinstall hardening: Replace dialog with bsddialog
bsdinstall/scripts/hardening: Replace (LGPL) dialog utility with
(BSD-2-CLAUSE) dialog utility.
Approved by: bapt (mentor)
Differential Revision
bsdinstall hardening: Replace dialog with bsddialog
bsdinstall/scripts/hardening: Replace (LGPL) dialog utility with
(BSD-2-CLAUSE) dialog utility.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34102
show more ...
|
|
Revision tags: release/12.3.0 |
|
| #
bf410c6e |
| 12-Nov-2021 |
Marcin Wojtas <mw@FreeBSD.org> |
Revert "bsdinstall: add knob to set ASLR sysctls"
This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a.
Because now ASLR is enabled by default for 64-bit architectures
and the purpose of th
Revert "bsdinstall: add knob to set ASLR sysctls"
This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a.
Because now ASLR is enabled by default for 64-bit architectures
and the purpose of the installation menu is to allow choosing
additional 'mitigation'/'hardening' options that are originally
disabled, remove the ASLR knob from bsdinstall.
Discussed with: emaste
Obtained from: Semihalf
Sponsored by: Stormshield
show more ...
|
|
Revision tags: release/13.0.0 |
|
| #
020f4112 |
| 29-Jan-2021 |
Ed Maste <emaste@FreeBSD.org> |
bsdinstall: add knob to set ASLR sysctls
Reviewed by: mw
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28418
|
| #
fbc57e2d |
| 29-Jan-2021 |
Ed Maste <emaste@FreeBSD.org> |
bsdinstall: replace multiple ifs with case
Reduce copy-paste and use a more typical construct.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28417
|
|
Revision tags: release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
| #
01d4e214 |
| 05-Oct-2018 |
Glen Barber <gjb@FreeBSD.org> |
MFH r338661 through r339200.
Sponsored by: The FreeBSD Foundation
|
| #
ce44d808 |
| 27-Sep-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r338731 through r338987.
|
| #
c3afb29b |
| 21-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add an installer option to disable destructive dtrace.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com>
Approved by: re (kib)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D
Add an installer option to disable destructive dtrace.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com>
Approved by: re (kib)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D12474
show more ...
|
|
Revision tags: release/11.2.0 |
|
| #
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
| #
50896984 |
| 10-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324482
|
| #
f78bd12d |
| 02-Oct-2017 |
Allan Jude <allanjude@FreeBSD.org> |
bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
Enabling the PID randomization option in bsdinstall(8)'s hardening menu
now randomizes the effective value of kern.randompid on e
bsdinstall(8) hardening menu: Utilize new kern.randompid=1 behaviour
Enabling the PID randomization option in bsdinstall(8)'s hardening menu
now randomizes the effective value of kern.randompid on each boot.
Previous behaviour:
When kern.randompid was enabled via the the bsdinstall(8) hardening menu,
a random value was generated and placed in the systems /etc/sysctl.conf as
kern.randompid=value
This makes the value of kern.randompid static across reboots.
New behaviour:
When kern.randompid is enabled via the bsdinstall(8) hardening menu, the
line kern.randompid=1 is placed in the systems /etc/sysctl.conf.
This takes advantage of a new kernel feature and makes the value of
kern.randompid be randomized by the kernel on each reboot.
Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D12433
show more ...
|
|
Revision tags: release/10.4.0 |
|
| #
531c2d7a |
| 24-Jul-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r320180
|
| #
bca9d05f |
| 23-Jul-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r319973 through 321382.
|
| #
90a5403f |
| 21-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r321307 through r321350.
|
| #
391aafd7 |
| 21-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Remove stack guard option from hardening menu.
Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.
Submitted by: Bartlomiej Rut
Remove stack guard option from hardening menu.
Since kib's change the stack guard is now ON by default,
this option in hardening menu of bsdinstall is no longer needed.
Submitted by: Bartlomiej Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D11686
show more ...
|
|
Revision tags: release/11.1.0 |
|
| #
d2043ca3 |
| 14-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320573 through r320970.
|
| #
2669f7eb |
| 06-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
usr.sbin/bsdinstall/scripts/hardening: fix options numbers
Submitted by: Bartek Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Differential Revision: https://revi
usr.sbin/bsdinstall/scripts/hardening: fix options numbers
Submitted by: Bartek Rutkowski <robak@FreeBSD.org>
Reviewed by: bapt
Approved by: bapt
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D11505
show more ...
|
| #
82ec242f |
| 05-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users
to change this behaviour to secure one an
Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users
to change this behaviour to secure one and updates stack guard option so it
would set the value of relevant sysctl to 512 (2MB)
Submitted by: Bartek Rutkowski
Reviewed by: adrian, bapt, emaste
Approved by: bapt, emaste
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D9700
show more ...
|
| #
f6e653bb |
| 02-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320398 through r320572.
|
| #
d8061eff |
| 29-Jun-2017 |
Steve Wills <swills@FreeBSD.org> |
Add hardening menu item for security.bsd.see_jail_proc
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D11283
|
| #
2434a052 |
| 17-Mar-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Revert changes introduced in r314036 on demand by jhb and bapt.
Approved by: bapt, jhb
|
| #
6ae9acde |
| 23-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313896 through r314128.
|