Date:      Wed, 19 Dec 2012 14:30:58 -0800
From:      Garrett Cooper <yanegomi@gmail.com>
To:        d@delphij.net
Cc:        Ian Lepore <freebsd@damnhippie.dyndns.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, Xin LI <delphij@freebsd.org>, svn-src-head@freebsd.org, Andrey Zonov <zont@freebsd.org>, Chris Rees <utisoft@gmail.com>
Subject:   Re: svn commit: r244198 - in head: etc/rc.d sbin/sysctl
Message-ID:  <CAGH67wTToDPBo%2BkZ=XfN2A_rcG%2B7OPEFhYRrC2QL6m2b2L1cPQ@mail.gmail.com>
In-Reply-To: <50D23AAA.9070804@delphij.net>
References:  <201212132332.qBDNWmK4037503@svn.freebsd.org> <50D1D720.80206@FreeBSD.org> <1355931456.1198.203.camel@revolution.hippie.lan> <CAGH67wRfd0CcHZA5kwmdnyyTvinXyXubqVuX_FLwJ1RuMH=ZnA@mail.gmail.com> <CADLo839wcmrXXUD5FXGYJw3s5qW0%2BurYWOdUaCpdCkjFYxVTHA@mail.gmail.com> <CAGH67wRzpQO_gBHNVF2LVfue7uf5KYRTDo3J0Y1d5ebw0TFyDg@mail.gmail.com> <50D23AAA.9070804@delphij.net>

On Wed, Dec 19, 2012 at 2:07 PM, Xin Li <delphij@delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/19/12 13:08, Garrett Cooper wrote:
>> On Wed, Dec 19, 2012 at 12:14 PM, Chris Rees <utisoft@gmail.com>
>> wrote:
>>>
>>> On 19 Dec 2012 19:37, "Garrett Cooper" <yanegomi@gmail.com>
>>> wrote:
>>>>
>>>> On Wed, Dec 19, 2012 at 7:37 AM, Ian Lepore
>>>> <freebsd@damnhippie.dyndns.org> wrote:
>>>>
>>>> ...
>>>>
>>>>> Instead of running sysctl a bunch of times, how about
>>>>> something conceptually similar to
>>>>>
>>>>> cat /etc/sysctl.d/* /etc/sysctl.conf | sysctl -f -
>>>>>
>>>>> Along with this (untested) patch to make sysctl understand
>>>>> "-f -".
>>>>>
>>>>> Hmmm, is /dev/stdin available as early as sysctl.conf runs?
>>>>> If not, the attached patch isn't going to work.
>>>>
>>>> Why not just make sysctl understand multiple -f options?
>>>> You're probably going to run into more problems parsing from
>>>> /dev/stdin and it's going to obfuscate things a lot dealing
>>>> with which file came last, feeding back diagnostic info, etc.
>>>> Please don't "linuxise" this tool.
>>>
>>> I seem to recall cpio being around a lot before Linux... Our sh
>>> also accepts piped scripts.  It's useful.
>>
>> Yes, but it just compresses data and doesn't have to necessarily
>> backtrack in order to do so.
>>
>>> ssh host cat file | sysctl -f -
>>
>> I prefer:
>>
>> ssh host cat file > foo sysctl -f foo
>>
>> ... and my bikesheds navy blue.
>
> Vulnerable to temporary file attacks (which is relatively easy to
> mitigate with mkstemp, though) and poor error handling.

    I am well aware of that; it was just a simple example.
Pedantically speaking, if I really cared about "robustness" in terms of
setting sysctls, I would do this:

#!/bin/sh
set -ex
: ${TMPDIR=/tmp}
tmp="$(mktemp "$TMPDIR/sysctl.XXXXXX")"
trap "rm -f '$tmp'" EXIT
ssh host "cat file" > "$tmp"
sysctl -f "$tmp"
# =================

    But even that's not perfect: just like all the EISPIPE errors that
could come along and ruin one's day running sysctl(8) with the
previous suggested patch if one has things defined in the right/wrong
order, partial input comes across the fifo/pipe/socket/etc, or I
needed to roll back the changes as well.
Thanks,
-Garrett
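
The temporary-file and partial-input concerns raised in this message, as an added example that is not part of the original e-mail or of the FreeBSD tree: the settings are staged in a mktemp(1) file and checked before anything would be applied. The function names check_sysctl_file and stage_sysctl are hypothetical, and the name=value line grammar is a simplified assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the accepted
# line grammar (blank, "# comment", or name=value) is a simplification.

# check_sysctl_file FILE
# Return 0 only if FILE is non-empty, ends with a newline, and every
# line is blank, a comment, or name=value. A transfer cut off mid-line
# leaves an unterminated last line, which is rejected here.
check_sysctl_file() {
    file=$1
    [ -s "$file" ] || return 1
    # $(...) strips a trailing newline, so an empty result means the
    # last byte of the file was "\n".
    [ -z "$(tail -c 1 "$file")" ] || return 1
    # grep -v selects lines matching neither pattern; any hit is a failure.
    if grep -Evq '^[[:space:]]*(#.*)?$|^[A-Za-z0-9_.%-]+=.*$' "$file"; then
        return 1
    fi
    return 0
}

# stage_sysctl COMMAND [ARGS...]
# Run COMMAND with stdout redirected into a file created by mktemp(1)
# (unpredictable name, mode 0600), so a pre-planted file or symlink in
# TMPDIR cannot be followed. The path is printed only if COMMAND exited
# 0 and the content validates; otherwise the file is removed.
stage_sysctl() {
    staged=$(mktemp "${TMPDIR:-/tmp}/sysctl.XXXXXX") || return 1
    if "$@" > "$staged" && check_sysctl_file "$staged"; then
        printf '%s\n' "$staged"
        return 0
    fi
    rm -f "$staged"
    return 1
}

# Intended use (not executed here; "host" and "file" are the
# placeholders used in the thread):
#   staged=$(stage_sysctl ssh host "cat file") && sysctl -f "$staged"
#   rm -f "$staged"
```

A trailing-newline check only catches input truncated mid-line; it does not detect a transfer that stops exactly on a line boundary, and it does nothing about rolling back values already set.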


