sysrc bug

[J. Hellenthal]

Think this would be an extra security bug considering that gets wiped out then the system isn't going to come back online after a reboot 🤪

Nice find !!!

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On May 30, 2021, at 01:10, Fas Xmut via freebsd-security <freebsd-security at freebsd.org> wrote:
> 
> I don't know if it is a security bug or not. When I use sysrc today, the error operations emptied my /etc/rc.conf, that's a small disaster, because my /etc/rc.conf is updated day by day, but now, it is empty.
> 
> First, change your default root shell to sh/ksh or their derived shell. (I have tested, csh will not trigger that bug).
> 
> Second, backup /etc/rc.conf to any other place.
> 
> Then do the following commands:
> 
> ------------------------------------------------------------------------
> # sysrc something_enable="NO"
> # sysrc something_enable="YES
>> "
> awk: newline in string YES
> ... at source line 1
> something_enable: NO -> YES
> ------------------------------------------------------------------------
> 
> Now see what is inside /etc/rc.conf ? Everything is empty! only one thing in it:
> 
> ------------------------------------------------------------------------
> something_enable="YES
> "
> ------------------------------------------------------------------------
> 
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"