svn commit: r244198 - in head: etc/rc.d sbin/sysctl

Garrett Cooper yanegomi at gmail.com
Wed Dec 19 22:31:02 UTC 2012


On Wed, Dec 19, 2012 at 2:07 PM, Xin Li <delphij at delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/19/12 13:08, Garrett Cooper wrote:
>> On Wed, Dec 19, 2012 at 12:14 PM, Chris Rees <utisoft at gmail.com>
>> wrote:
>>>
>>> On 19 Dec 2012 19:37, "Garrett Cooper" <yanegomi at gmail.com>
>>> wrote:
>>>>
>>>> On Wed, Dec 19, 2012 at 7:37 AM, Ian Lepore
>>>> <freebsd at damnhippie.dyndns.org> wrote:
>>>>
>>>> ...
>>>>
>>>>> Instead of running sysctl a bunch of times, how about
>>>>> something conceptually similar to
>>>>>
>>>>> cat /etc/sysctl.d/* /etc/sysctl.conf | sysctl -f -
>>>>>
>>>>> Along with this (untested) patch to make sysctl understand
>>>>> "-f -".
>>>>>
>>>>> Hmmm, is /dev/stdin available as early as sysctl.conf runs?
>>>>> If not, the attached patch isn't going to work.
>>>>
>>>> Why not just make sysctl understand multiple -f options?
>>>> You're probably going to run into more problems parsing from
>>>> /dev/stdin and it's going to obfuscate things a lot dealing
>>>> with which file came last, feeding back diagnostic info, etc.
>>>> Please don't "linuxise" this tool.
>>>
>>> I seem to recall cpio being around a lot before Linux... Our sh
>>> also accepts piped scripts.  It's useful.
>>
>> Yes, but it just compresses data and doesn't have to necessarily
>> backtrack in order to do so.
>>
>>> ssh host cat file | sysctl -f -
>>
>> I prefer:
>>
>> ssh host cat file > foo
>> sysctl -f foo
>>
>> ... and my bikesheds navy blue.
>
> Vulnerable to temporary file attacks (which is relatively easy to
> mitigate with mkstemp, though) and poor error handling.

    I am well aware of that; it was just a simple example.
Pedantically speaking if I really cared about "robustness" in terms of
setting sysctls, I would do this:

#!/bin/sh
set -ex
: ${TMPDIR=/tmp}
tmp="$(mktemp "$TMPDIR/sysctl.XXXXXX")"
trap "rm -f '$tmp'" EXIT
ssh host "cat file" > "$tmp"
sysctl -f "$tmp"
# =================

    But even that's not perfect: just like all the EISPIPE errors that
could come along and ruin one's day running sysctl(8) with the
previous suggested patch if one has things defined in the right/wrong
order, partial input comes across the fifo/pipe/socket/etc, or I
needed to roll back the changes as well.
Thanks,
-Garrett
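
The two gaps named at the end of the message above (partial input arriving over the pipe, and rolling back) can be narrowed by staging the whole input in a private directory, checking it, and saving the current values before anything is applied. This is an added example, not code from the thread; the SYSCTL variable, the function names and the accepted name character set are assumptions made for it.

```shell
#!/bin/sh
# Added example, not code from the thread. SYSCTL and all function names are
# assumptions of this sketch; input is sysctl.conf-style "name=value" lines.
: "${SYSCTL:=sysctl}"

# Reject input that is empty, cut off mid-line, or not comment/blank/name=value.
# A transfer cut exactly at a line boundary still passes; only a checksum or
# end marker sent by the remote side can catch that.
validate_conf() {
    [ -s "$1" ] || return 1
    [ $(tail -c 1 "$1" | wc -l) -eq 1 ] || return 1     # must end in a newline
    ! grep -Evq '^[[:space:]]*(#.*)?$|^[[:space:]]*[A-Za-z0-9_.%-]+[[:space:]]*=.*$' "$1"
}

# Record the current value of every name in $1 as name=value lines in $2.
snapshot_current() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.%-]\{1,\}\)[[:space:]]*=.*/\1/p' "$1" |
    ( while read -r _name; do
          _val=$("$SYSCTL" -n "$_name" </dev/null) || exit 1
          printf '%s=%s\n' "$_name" "$_val"
      done ) > "$2"
}

# Read settings on stdin and apply them only once the whole input is staged and
# validated. Prints the rollback file path. Returns 0 applied, 1 nothing
# applied, 2 sysctl -f failed part-way (rollback file kept for recovery).
apply_from_stdin() {
    # mktemp -d creates a mode-0700 directory with an unpredictable name, so
    # other local users cannot pre-create or swap the files inside it.
    _dir=$(mktemp -d "${TMPDIR:-/tmp}/sysctl.XXXXXX") || return 1
    if cat > "$_dir/conf" && validate_conf "$_dir/conf" &&
       snapshot_current "$_dir/conf" "$_dir/rollback"; then
        _rc=0
        "$SYSCTL" -f "$_dir/conf" >&2 || _rc=2
        rm -f "$_dir/conf"
        printf '%s\n' "$_dir/rollback"
    else
        _rc=1
        rm -rf "$_dir"
    fi
    return "$_rc"
}

# Usage: ssh host "cat file" | apply_from_stdin
```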

