From owner-svn-src-all@FreeBSD.ORG  Wed Dec 19 22:31:01 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id EA4AD1D5;
 Wed, 19 Dec 2012 22:31:01 +0000 (UTC)
 (envelope-from yanegomi@gmail.com)
Received: from mail-la0-f43.google.com (mail-la0-f43.google.com
 [209.85.215.43])
 by mx1.freebsd.org (Postfix) with ESMTP id 03BCA8FC12;
 Wed, 19 Dec 2012 22:30:59 +0000 (UTC)
Received: by mail-la0-f43.google.com with SMTP id z14so1925188lag.2
 for <multiple recipients>; Wed, 19 Dec 2012 14:30:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=17ocGceaDK98HwnI5T+fwO4R8MK9hhGjvYzJX20tdQY=;
 b=C2UgO5o/VQ+hd/I42A3rw0ObrH4J+MmNwIdEv9buQXZ44LzyKQv2ZA4/JIbt7uk4Yu
 bJRhPgrMS1YXLi91TD8Zir39D0vRvf7Sra5CfreUlpg3ubVG4cL9XANrV1HfQ1bGAArv
 jVbwhKWD0gnWNjl3lAXZB78/F6VlpFC8bn0UF0rWS3TeACq+ziTzGFZTE7KgtT2WtUzz
 nSNkSZCmMVZiLSHMZhLaJSqO0D9kAGb1pwn2J9hH5jNs8JtMleMtNfOw+wIx4W5EH+R6
 S4MGH4at9+FMBZTCELkHK8NFNpEwOuLaIlFZEDRARPTwe7jxabbnENZOz9dmvFv5kbdq
 ZdTg==
MIME-Version: 1.0
Received: by 10.152.131.168 with SMTP id on8mr6823465lab.38.1355956258641;
 Wed, 19 Dec 2012 14:30:58 -0800 (PST)
Received: by 10.112.99.70 with HTTP; Wed, 19 Dec 2012 14:30:58 -0800 (PST)
In-Reply-To: <50D23AAA.9070804@delphij.net>
References: <201212132332.qBDNWmK4037503@svn.freebsd.org>
 <50D1D720.80206@FreeBSD.org>
 <1355931456.1198.203.camel@revolution.hippie.lan>
 <CAGH67wRfd0CcHZA5kwmdnyyTvinXyXubqVuX_FLwJ1RuMH=ZnA@mail.gmail.com>
 <CADLo839wcmrXXUD5FXGYJw3s5qW0+urYWOdUaCpdCkjFYxVTHA@mail.gmail.com>
 <CAGH67wRzpQO_gBHNVF2LVfue7uf5KYRTDo3J0Y1d5ebw0TFyDg@mail.gmail.com>
 <50D23AAA.9070804@delphij.net>
Date: Wed, 19 Dec 2012 14:30:58 -0800
Message-ID: <CAGH67wTToDPBo+kZ=XfN2A_rcG+7OPEFhYRrC2QL6m2b2L1cPQ@mail.gmail.com>
Subject: Re: svn commit: r244198 - in head: etc/rc.d sbin/sysctl
From: Garrett Cooper <yanegomi@gmail.com>
To: d@delphij.net
Content-Type: text/plain; charset=ISO-8859-1
Cc: Ian Lepore <freebsd@damnhippie.dyndns.org>, src-committers@freebsd.org,
 svn-src-all@freebsd.org, Xin LI <delphij@freebsd.org>,
 svn-src-head@freebsd.org, Andrey Zonov <zont@freebsd.org>,
 Chris Rees <utisoft@gmail.com>
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2012 22:31:02 -0000

On Wed, Dec 19, 2012 at 2:07 PM, Xin Li <delphij@delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/19/12 13:08, Garrett Cooper wrote:
>> On Wed, Dec 19, 2012 at 12:14 PM, Chris Rees <utisoft@gmail.com>
>> wrote:
>>>
>>> On 19 Dec 2012 19:37, "Garrett Cooper" <yanegomi@gmail.com>
>>> wrote:
>>>>
>>>> On Wed, Dec 19, 2012 at 7:37 AM, Ian Lepore
>>>> <freebsd@damnhippie.dyndns.org> wrote:
>>>>
>>>> ...
>>>>
>>>>> Instead of running sysctl a bunch of times, how about
>>>>> something conceptually similar to
>>>>>
>>>>> cat /etc/sysctl.d/* /etc/sysctl.conf | sysctl -f -
>>>>>
>>>>> Along with this (untested) patch to make sysctl understand
>>>>> "-f -".
>>>>>
>>>>> Hmmm, is /dev/stdin available as early as sysctl.conf runs?
>>>>> If not, the attached patch isn't going to work.
>>>>
>>>> Why not just make sysctl understand multiple -f options?
>>>> You're probably going to run into more problems parsing from
>>>> /dev/stdin and it's going to obfuscate things a lot dealing
>>>> with which file came last, feeding back diagnostic info, etc.
>>>> Please don't "linuxise" this tool.
>>>
>>> I seem to recall cpio being around a lot before Linux... Our sh
>>> also accepts piped scripts.  It's useful.
>>
>> Yes, but it just compresses data and doesn't have to necessarily
>> backtrack in order to do so.
>>
>>> ssh host cat file | sysctl -f -
>>
>> I prefer:
>>
>> ssh host cat file > foo sysctl -f foo
>>
>> ... and my bikesheds navy blue.
>
> Vulnerable to temporary file attacks (which is relatively easy to
> mitigate with mkstemp, though) and poor error handling.

    I am well aware of that; it was just a simple example.
Pedantically speaking if I really cared about "robustness" in terms of
setting sysctls, I would do this:

#!/bin/sh
set -ex
: ${TMPDIR=/tmp}
tmp="$(mktemp "$TMPDIR/sysctl.XXXXXX")"
trap "rm -f '$tmp'" EXIT
ssh host "cat file" > "$tmp"
sysctl -f "$tmp"
# =================

    But even that's not perfect: just like all the EISPIPE errors that
could come along and ruin one's day running sysctl(8) with the
previous suggested patch if one has things defined in the right/wrong
order, partial input comes across the fifo/pipe/socket/etc, or I
needed to roll back the changes as well.
Thanks,
-Garrett