Re: svn commit: r244198 - in head: etc/rc.d sbin/sysctl

Wed, 19 Dec 2012 14:31:12 -0800 

On Wed, Dec 19, 2012 at 2:07 PM, Xin Li <delp...@delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/19/12 13:08, Garrett Cooper wrote:
>> On Wed, Dec 19, 2012 at 12:14 PM, Chris Rees <utis...@gmail.com>
>> wrote:
>>>
>>> On 19 Dec 2012 19:37, "Garrett Cooper" <yaneg...@gmail.com>
>>> wrote:
>>>>
>>>> On Wed, Dec 19, 2012 at 7:37 AM, Ian Lepore
>>>> <free...@damnhippie.dyndns.org> wrote:
>>>>
>>>> ...
>>>>
>>>>> Instead of running sysctl a bunch of times, how about
>>>>> something conceptually similar to
>>>>>
>>>>> cat /etc/sysctl.d/* /etc/sysctl.conf | sysctl -f -
>>>>>
>>>>> Along with this (untested) patch to make sysctl understand
>>>>> "-f -".
>>>>>
>>>>> Hmmm, is /dev/stdin available as early as sysctl.conf runs?
>>>>> If not, the attached patch isn't going to work.
>>>>
>>>> Why not just make sysctl understand multiple -f options?
>>>> You're probably going to run into more problems parsing from
>>>> /dev/stdin and it's going to obfuscate things a lot dealing
>>>> with which file came last, feeding back diagnostic info, etc.
>>>> Please don't "linuxise" this tool.
>>>
>>> I seem to recall cpio being around a lot before Linux... Our sh
>>> also accepts piped scripts.  It's useful.
>>
>> Yes, but it just compresses data and doesn't have to necessarily
>> backtrack in order to do so.
>>
>>> ssh host cat file | sysctl -f -
>>
>> I prefer:
>>
>> ssh host cat file > foo sysctl -f foo
>>
>> ... and my bikesheds navy blue.
>
> Vulnerable to temporary file attacks (which is relatively easy to
> mitigate with mkstemp, though) and poor error handling.

    I am well aware of that; it was just a simple example.
Pedantically speaking if I really cared about "robustness" in terms of
setting sysctls, I would do this:

#!/bin/sh
set -ex
: ${TMPDIR=/tmp}
tmp="$(mktemp "$TMPDIR/sysctl.XXXXXX")"
trap "rm -f '$tmp'" EXIT
ssh host "cat file" > "$tmp"
sysctl -f "$tmp"
# =================

    But even that's not perfect: just like all the EISPIPE errors that
could come along and ruin one's day running sysctl(8) with the
previous suggested patch if one has things defined in the right/wrong
order, partial input comes across the fifo/pipe/socket/etc, or I
needed to roll back the changes as well.
Thanks,
-Garrett
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to