Date: Wed, 22 Sep 2021 11:42:22 -0400
From: Shawn Webb
To: John Baldwin
Cc: Baptiste Daroussin, current@freebsd.org, arch@FreeBSD.org
Subject: Re: [HEADSUP] making /bin/sh the default shell for root
Message-ID: <20210922154222.6bvnqk4kjjxewy6n@mutt-hbsd>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On Wed, Sep 22, 2021 at 08:34:58AM -0700, John Baldwin wrote:
> On 9/22/21 1:36 AM, Baptiste Daroussin wrote:
> > Hello,
> >
> > TL;DR: this is not a proposal to deorbit csh from base!!!
> >
> > For years now, csh is the default root shell for FreeBSD, csh can be confusing
> > as a default shell for many as all other unix like settled on a bourne shell
> > compatible interactive shell: zsh, bash, or variant of ksh.
> >
> > Recently our sh(1) has received updates to make it more user friendly in
> > interactive mode:
> > * command completion (thanks pstef@)
> > * improvement in the emacs mode, to make it behave by default like other shells
> > * improvement in the vi mode (in particular the vi edit to respect $EDITOR)
> > * support for history as described by POSIX.
> >
> > This makes it a usable shell by default, which is why I would like to propose to
> > make it the default shell for root starting FreeBSD 14.0-RELEASE (not MFCed)
> >
> > If no strong arguments have been raised until October 15th, I will make this
> > proposal happen.
> >
> > Again just in case: THIS IS NOT A PROPOSAL TO REMOVE CSH FROM BASE!
>
> I think this is fine.  I would also be fine with either removing 'toor' from the
> default password file or just leaving it as-is for POLA.  (I would probably
> prefer removing it outright.)

HardenedBSD recently removed toor. No one has complained (yet?). A
small Twitter poll[0] showed that 85% of people who responded do not
use toor.

[0]: https://twitter.com/HardenedBSD/status/1415781911063056389

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc