The ASLR feature is now disabled on 32- and enabled on 64-bit
architectures. Reflect these changes in the hardening dialog menu.
In order to handle both cases in a single menu tick the "enable_aslr"
option on the 64-bit platforms.
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
| usr.sbin/bsdinstall/scripts/hardening | ||
|---|---|---|
| 83 | In general there is a preference for positive-sense controls - this is from sysctl(9) but I think the logic applies: "For boolean sysctls, negative logic should be totally avoided." Can we leave this as enable_aslr defaulted to on? | |
| usr.sbin/bsdinstall/scripts/hardening | ||
|---|---|---|
| 83 |
Thanks, I'm aware of this requirement for sysctls, but what about the knobs for the controls that are actually enabled by default in the kernel? This seems to be the case for e.g. disable_ddtrace menu option.
For 32-bit that would obviously keep the things simple, but in case https://reviews.freebsd.org/D27666 lands, enable_aslr will become useless for all 64-bit platforms. My reasoning was to allow user to optionally disable the feature during installation phase on amd64, arm64, etc. Thoughts? | |
Comment Actions
New options should be positive logic always, even if the default is to set them to true. It's proven less confusing over time to do this than have the negative logic. Especially if we ever need to change the default.
Comment Actions
Having said that, bsdinstall should have these things be a toggle based on the current setting... but that's a much bigger ask...
Comment Actions
Please confirm.
Would you prefer then to:
- get back to enable_aslr
- on 64-bit systems it would appear as marked by default:
- on 32-bit systems the box would remain empty:
Please confirm.
If yes, I can invert the proposed logic, however the script may get a bit more messy.
Comment Actions
- Invert the logic and return to enable_aslr.
- The option is ticked on 64-bit archs by default.
- Take a number of arch bits into consideration in the dialog menu description and when modifying the sysctls.
Comment Actions
@emaste Please confirm if we should just revert 020f4112559ebf7e94665c9a69f89d21929ce82a instead of this patch.
Comment Actions
@emaste Have you decided about your preference whether we should update the menu option or remove it?
Comment Actions
I originally made some suggestions on sense of the controls (+ve or -ve) in earlier comments but did not yet think about this holistically. We (@mw, myself, and others) discussed this on a call last week, and on further reflection I think we should just revert R10:020f4112559e. Right now (prior to ASLR default changes) that menu exists to turn on "mitigation"/"hardening" options that are not enabled by default. With ASLR defaulting to on IMO it's clearer to just remove the option from the menu - including options that are already on by default will be more confusing IMO.
Comment Actions
To be perfectly clear, my preference is:
- commit D27666
- revert R10:020f4112559ebf7e94665c9a69f89d21929ce82a
Comment Actions
Thanks. I will abandon this patch and I'm planning to add a following comment in the revert commit message:
Because now ASLR is enabled by default for 64-bit architectures and the purpose of the installation menu is to allow choosing additional 'mitigation'/'hardening' options that are originally disabled, remove the ASLR knob from bsdinstall.
Please me know if it's sufficient.
Comment Actions
Change no longer relevant after removing the knob in https://cgit.freebsd.org/src/commit/?id=bf410c6eda515364db5f6ed74b765efdec0595ae