Date: Sun, 23 Feb 2014 15:04:07 -0700
From: Warner Losh <bsdimp@gmail.com>
To: David Chisnall <theraven@FreeBSD.org>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: libinit idea
Message-ID: <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>
In-Reply-To: <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org>
References: <BLU179-W28221A0539478FDDF45ADDC6840@phx.gbl> <62A9DF47-C938-464B-92B6-9A2A96B5A9C9@FreeBSD.org> <530A39BB.6070003@allanjude.com> <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org>

On Feb 23, 2014, at 11:17 AM, David Chisnall <theraven@FreeBSD.org> wrote:

> On 23 Feb 2014, at 18:11, Allan Jude <freebsd@allanjude.com> wrote:
>
>> sysrc solves this nicely, it is in base now, and is great for
>> programmatically adding, removing and changing lines in rc.conf style
>> files. It is also in ports for older versions of FreeBSD where it is not
>> in base.
>
> The problem is, there is no such thing as an rc.conf style file. rc.conf is just a shell script. If you only edit it with sysrc, or you are careful to preserve the structure, then it's fine. There is absolutely nothing stopping you, however, from writing arbitrarily complex shell scripts inside rc.conf. Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
>
> An rc-replacement could enforce this by only accepting purely declarative files for configuration, guaranteeing that if they were syntactically valid they would also be machine editable, no matter what the user does to them.

We already have an rc.conf.default. Why not an rc.conf.automation that does that and is added to the list of things to source? Then things like sysrc could operate on that secure in the knowledge that no shell commands could be there, and all bets are off if someone edits it by hand?

Warner
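
One way to check the "purely declarative" property discussed in this thread, as an added example that is not part of the original message or of FreeBSD: a lint that accepts a file only if every line is blank, a comment, or one literal assignment that sh has nothing to expand in. The function names, the accepted value characters and the two sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: lint for a hypothetical declarative-only rc.conf.automation.
# Multi-line quoted values are rejected on purpose: one line, one assignment.

# rc_is_declarative FILE
#   returns 0 if every line is allowed, 1 if not (offending lines are
#   printed as "lineno:text"), 2 if FILE cannot be read.
rc_is_declarative() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    pre='^[[:space:]]*'
    name='[A-Za-z_][A-Za-z0-9_]*'
    end='([[:space:]]+#.*|[[:space:]]*)$'   # optional trailing comment
    ok=$pre'(#.*)?$'                                   # blank or comment
    ok=$ok'|'$pre$name'="[^"$`\]*"'$end                # "..." without $ ` \ "
    ok=$ok'|'$pre$name"='[^']*'"$end                   # '...' literal
    ok=$ok'|'$pre$name'=[A-Za-z0-9_./:@%+,-]*'$end     # safe bare word
    rc=0
    # -v selects lines matching none of the allowed shapes
    grep -n -E -v -e "$ok" -- "$file" || rc=$?
    case $rc in
        0) return 1 ;;   # at least one non-declarative line was printed
        1) return 0 ;;   # nothing selected: file is declarative
        *) return 2 ;;
    esac
}

# Constructed sample inputs (not taken from any real system).
write_samples() {
    cat > "$1/good" <<'EOF'
# managed file: literals only
sshd_enable="YES"
ifconfig_em0="DHCP"   # set by installer
dumpdev='AUTO'
EOF
    cat > "$1/bad" <<'EOF'
sshd_enable="YES"
hostname="$(uname -n)"
if [ -r /etc/rc.conf.site ]; then . /etc/rc.conf.site; fi
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/good" "$tmp/bad"; do
    if rc_is_declarative "$f"; then echo "$f: declarative"; else echo "$f: rejected"; fi
done
rm -rf "$tmp"
```

A tool that edits the file could run such a check before writing and refuse to touch a file that fails it, which is the "all bets are off" case for hand edits.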