passing options thru '/etc/rc.d/foo start'

Ruben de Groot mail25 at bzerk.org
Thu Sep 17 17:55:38 UTC 2009


On Thu, Sep 17, 2009 at 07:14:29PM +0200, Mel Flynn typed:
> On Wednesday 16 September 2009 21:18:03 Tom Worster wrote:
> > On 9/16/09 2:37 PM, "Mel Flynn" <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
> > > On Wednesday 16 September 2009 20:21:40 Chris Cowart wrote:
> > >> Tom Worster wrote:
> > >>> thanks, Mel, that's good to know.
> > >>>
> > >>> i think your suggestion of modifying rc.conf will turn out to be a tidy
> > >>> solution for me.
> > >>
> > >> You could also just put:
> > >>
> > >> sshd_flags="-o X11Forwarding=no"
> > >>
> > >> into your /etc/rc.conf file.
> > >
> > > What he wants is passing arguments without touching config files, which I
> > > find myself needing sometimes as well, on machines where static
> > > partitions are mounted read-only + kern.secure_level.
> > 
> > that's right.
> > 
> > when i read in 11.7 of the handbook: "Since the rc.d system is primarily
> > intended to start/stop services at system startup/shutdown time, ..." i
> > thought: maybe i'm making things hard by trying to use rc.d scripts when i
> > could just execute the daemon's binary.
> 
> One downside I forgot to mention:
> You do open yourself up now to SSHD_FLAGS="-o AllowRoot=yes", so you may need 
> to complicate the logic a bit more, by sanitizing SSHD_FLAGS.

Please explain how this can be exploited by a non-root user?

Ruben
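
The sanitizing step mentioned in the quoted reply, sketched as an added example (not code from this thread or from FreeBSD's rc scripts). It assumes the modified rc logic would otherwise copy an environment variable `SSHD_FLAGS` into `sshd_flags` verbatim; the function name and the allowlist contents are hypothetical.

```sh
#!/bin/sh
# Added example: allowlist filter for flags supplied through the environment.
# Assumption: the rc logic would otherwise use $SSHD_FLAGS unchecked.
# The allowlist is illustrative; list only options you accept at start time.
ALLOWED_SSHD_OPTIONS="X11Forwarding LogLevel"

# Prints the normalized flag string and returns 0 when every token pair is an
# allowed "-o Key=value"; prints nothing and returns 1 on anything else.
sanitize_sshd_flags() {
    out=""
    set -f              # disable globbing while splitting on whitespace
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        # Only the two-token form "-o Key=value" is accepted, so other
        # switches (for example -f <file>) are rejected outright.
        [ "$1" = "-o" ] && [ $# -ge 2 ] || return 1
        key=${2%%=*}
        val=${2#*=}
        [ "$key" != "$2" ] || return 1      # token had no '='
        # Value must be plain alphanumerics: no paths, quotes or separators.
        case $val in
            ''|*[!A-Za-z0-9]*) return 1 ;;
        esac
        ok=0
        for allowed in $ALLOWED_SSHD_OPTIONS; do
            if [ "$key" = "$allowed" ]; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || return 1
        out="${out:+$out }-o $key=$val"
        shift 2
    done
    printf '%s\n' "$out"
}

# Hypothetical use in the rc logic: fall back to the configured flags
# whenever the environment value does not pass the filter.
#   if flags=$(sanitize_sshd_flags "$SSHD_FLAGS"); then
#       sshd_flags="$flags"
#   fi
```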


