use S for extras security at the expense of performance. Use other options only if you know what you are doing and have specific needs. BTW, ssh and sshd enable S by themselves. -Otto
-> so "S" is the best way, Thanks! :) Sent: Friday, October 14, 2016 at 12:20 PM From: "Otto Moerbeek" <[email protected]> To: "Peter Janos" <[email protected]> Cc: "openbsd misc" <[email protected]> Subject: Re: What are the security features in OpenBSD 6.0 that are by default disabled? On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter Janos wrote: > Hello, > > I know some features that can give additional security isn't turned on due to > because of the bad quality of the code in ports and some also decreases > performance (or disables a feature, ex.: screenlock doesn't work if nosuid > set, but if feature not used, nousid can be used). > > I only know about these "security hardenings", hopefully all are ok (if not, > please say/argue!): > > ================================================================== > ln -s GJU /etc/malloc.conf $ man man.conf | grep security -Otto
