Question conc. hbsdcontrol
5 views
Skip to first unread message
Uwe Trenkner
Aug 28, 2018, 7:31:55 AM8/28/18
to us...@hardenedbsd.org
Hi Shawn,
I know that you are busy writing the handbook section on hbsdcontrol.
But because it shows up in more and more commits and release notes:
Could you just let us know, if we can safely hbsd-update our server even
without knowing what hbsdcontrol is? Does it replace secadm or can I
continue to use secadm as before?
Thanks and best regards
Uwe.
I know that you are busy writing the handbook section on hbsdcontrol.
But because it shows up in more and more commits and release notes:
Could you just let us know, if we can safely hbsd-update our server even
without knowing what hbsdcontrol is? Does it replace secadm or can I
continue to use secadm as before?
Thanks and best regards
Uwe.
Shawn Webb
Aug 28, 2018, 10:15:39 AM8/28/18
to Uwe Trenkner, us...@hardenedbsd.org
Essentially, in the documentation I'm writing:
To toggle exploit mitigations, hbsdcontrol is preferred when the
application lives on a filesystem that supports extended attributes
(UFS and ZFS). secadm is preferred when the application lives on a
filesystem that does NOT support extended attributes (NFS, SMB, etc.)
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lat...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
Uwe Trenkner
Aug 29, 2018, 2:22:09 AM8/29/18
to us...@hardenedbsd.org
On 28/08/2018 16:14, Shawn Webb wrote:
> On Tue, Aug 28, 2018 at 01:31:53PM +0200, Uwe Trenkner wrote:
>> Hi Shawn,
>>
>> I know that you are busy writing the handbook section on hbsdcontrol.
>> But because it shows up in more and more commits and release notes:
>> Could you just let us know, if we can safely hbsd-update our server even
>> without knowing what hbsdcontrol is? Does it replace secadm or can I
>> continue to use secadm as before?
> You can even use both at the same time! Use what you prefer.
> Essentially, in the documentation I'm writing:
>
> To toggle exploit mitigations, hbsdcontrol is preferred when the
> application lives on a filesystem that supports extended attributes
> (UFS and ZFS). secadm is preferred when the application lives on a
> filesystem that does NOT support extended attributes (NFS, SMB, etc.)
>
Excellent. Thanks!!!
> On Tue, Aug 28, 2018 at 01:31:53PM +0200, Uwe Trenkner wrote:
>> Hi Shawn,
>>
>> I know that you are busy writing the handbook section on hbsdcontrol.
>> But because it shows up in more and more commits and release notes:
>> Could you just let us know, if we can safely hbsd-update our server even
>> without knowing what hbsdcontrol is? Does it replace secadm or can I
>> continue to use secadm as before?
> You can even use both at the same time! Use what you prefer.
> Essentially, in the documentation I'm writing:
>
> To toggle exploit mitigations, hbsdcontrol is preferred when the
> application lives on a filesystem that supports extended attributes
> (UFS and ZFS). secadm is preferred when the application lives on a
> filesystem that does NOT support extended attributes (NFS, SMB, etc.)
>
Reply all
Reply to author
Forward
0 new messages