Question conc. hbsdcontrol

5 views
Skip to first unread message

Uwe Trenkner

unread,
Aug 28, 2018, 7:31:55 AM8/28/18
to us...@hardenedbsd.org
Hi Shawn,

I know that you are busy writing the handbook section on hbsdcontrol.
But because it shows up in more and more commits and release notes:
Could you just let us know, if we can safely hbsd-update our server even
without knowing what hbsdcontrol is? Does it replace secadm or can I
continue to use secadm as before?

Thanks and best regards

Uwe.


Shawn Webb

unread,
Aug 28, 2018, 10:15:39 AM8/28/18
to Uwe Trenkner, us...@hardenedbsd.org
You can even use both at the same time! Use what you prefer.
Essentially, in the documentation I'm writing:

To toggle exploit mitigations, hbsdcontrol is preferred when the
application lives on a filesystem that supports extended attributes
(UFS and ZFS). secadm is preferred when the application lives on a
filesystem that does NOT support extended attributes (NFS, SMB, etc.)

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lat...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc

Uwe Trenkner

unread,
Aug 29, 2018, 2:22:09 AM8/29/18
to us...@hardenedbsd.org
On 28/08/2018 16:14, Shawn Webb wrote:
> On Tue, Aug 28, 2018 at 01:31:53PM +0200, Uwe Trenkner wrote:
>> Hi Shawn,
>>
>> I know that you are busy writing the handbook section on hbsdcontrol.
>> But because it shows up in more and more commits and release notes:
>> Could you just let us know, if we can safely hbsd-update our server even
>> without knowing what hbsdcontrol is? Does it replace secadm or can I
>> continue to use secadm as before?
> You can even use both at the same time! Use what you prefer.
> Essentially, in the documentation I'm writing:
>
> To toggle exploit mitigations, hbsdcontrol is preferred when the
> application lives on a filesystem that supports extended attributes
> (UFS and ZFS). secadm is preferred when the application lives on a
> filesystem that does NOT support extended attributes (NFS, SMB, etc.)
>
Excellent. Thanks!!!
Reply all
Reply to author
Forward
0 new messages