Date: Fri, 28 Mar 1997 15:51:36 -0700 (MST)
From: Brandon Gillespie <brandon@cold.org>
To: Marc Slemko <marcs@znep.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: alternate approach (Re: Privileged ports...)
Message-ID: <Pine.NEB.3.95.970328155019.10341B-100000@cold.org>
In-Reply-To: <Pine.BSF.3.95.970328121418.22468C-100000@alive.znep.com>

On Fri, 28 Mar 1997, Marc Slemko wrote:

> That is one possible solution, but I don't think there is any point in
> adding such a specific config file when so many other things could benefit
> from similar functionality.  It is a dupe of sysctl in a lot of ways, so
> it may be an idea to look at extending sysctl to handle it nicely.
>
> You need some interface to the kernel; some program like ipfw that goes
> through the file and reads the rules and sets them up in the kernel.  This
> program could be used for a lot of things; a good project would be
> extending sysctl to allow for less rigidly defined variables.  eg. can
> define ranges, variables that don't show up in a list until changed,
> having sysctl being able to read variables from a file (although this can
> be done now with a script, just isn't as nice...
>
> To summarize: good idea, lots of things like that, but as I have been
> saying all along we need a better generalized interface to such things
> because it makes little sense to keep adding little control programs here
> and there.  Perhaps someday....

It would be easy enough to have /etc/netstart simply chew on the port
config file and feed it to sysctl.  One reason I like the idea of having a
file for the config is for the visual aspect.  Having a bunch of vars
defined in /etc/sysconfig is OK, but not as visual as being able to map
everything out through a whole file.. *shrug*