On Feb 23, 2014, at 11:17 AM, David Chisnall <thera...@freebsd.org> wrote:

> On 23 Feb 2014, at 18:11, Allan Jude <free...@allanjude.com> wrote:
>> sysrc solves this nicely, it is in base now, and is great for
>> programmatically adding, removing and changing lines in rc.conf style
>> files. It is also in ports for older versions of FreeBSD where it is not
>> in base.
> The problem is, there is no such thing as an rc.conf style file.  rc.conf is 
> just a shell script.  If you only edit it with sysrc, or you are careful to 
> preserve the structure, then it's fine.  There is absolutely nothing stopping 
> you, however, from writing arbitrarily complex shell scripts inside rc.conf.  
> Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
> An rc-replacement could enforce this by only accepting purely declarative 
> files for configuration, guaranteeing that if they were syntactically valid 
> they would also be machine editable, no matter what the user does to them.

We already have an rc.conf.default. Why not an rc.conf.automation that does that 
and is added to the list of things to source? Then things like sysrc could 
operate on that, secure in the knowledge that no shell commands could be 
there, and all bets are off if someone edits it by hand?


freebsd-current@freebsd.org mailing list
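
One way to check the "no shell commands" property discussed in this thread before a file such as rc.conf.automation is sourced, as an added example that is not part of the original messages or of sysrc. The function names, the line grammar and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of sysrc or rc(8)).
# A file passes only if every line is blank, a comment, or one plain
# assignment that cannot run anything when the file is sourced.

RC_BLANK='^[[:space:]]*(#.*)?$'
# name="..." without $, backquote or backslash; name='...'; or name=bareword
RC_ASSIGN='^[A-Za-z_][A-Za-z0-9_]*=("[^"$`\\]*"|'\''[^'\'']*'\''|[A-Za-z0-9_./:@%+,-]*)([[:space:]]+#.*)?[[:space:]]*$'

# rc_rejected FILE: print "lineno:text" for every line outside the grammar.
rc_rejected() {
    grep -nEv -e "$RC_BLANK" -e "$RC_ASSIGN" "$1"
}

# rc_is_declarative FILE: 0 = pure data, 1 = has other shell, 2 = unreadable.
rc_is_declarative() {
    [ -r "$1" ] || return 2
    if rc_rejected "$1" >/dev/null; then
        return 1    # grep -v selected at least one non-conforming line
    fi
    return 0
}

# Constructed sample input: one machine-editable file, one hand-edited file.
rc_demo_dir=$(mktemp -d)
cat >"$rc_demo_dir/good" <<'EOF'
# managed file
sshd_enable="YES"
hostname='build01.example.org'
ifconfig_em0="inet 192.0.2.10 netmask 255.255.255.0"   # static address
dumpdev=AUTO
EOF
cat >"$rc_demo_dir/bad" <<'EOF'
sshd_enable="YES"
hostname="$(hostname -s).example.org"
ntpd_enable="YES"; touch /tmp/marker
if [ -f /etc/extra ]; then . /etc/extra; fi
EOF

for f in good bad; do
    if rc_is_declarative "$rc_demo_dir/$f"; then
        echo "$f: declarative"
    else
        echo "$f: rejected lines:"; rc_rejected "$rc_demo_dir/$f"
    fi
done
```

The grammar is deliberately conservative: values that span several lines or contain a backslash are rejected even though sourcing them would be harmless.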