tech-userlevel archive


Re: Moving rc.d scripts to base.tgz



dholland-tech%NetBSD.org@localhost (David Holland) writes:

>On Mon, Apr 18, 2011 at 12:44:49AM +0200, Michael van Elst wrote:
> > > So again, how about some examples?
> > 
> > My ipf/ipnat/ipsec configuration is computed from M4 templates.
> > The ipfilter/ipnat/ipsec scripts update the real configuration
> > files before using them. This is done by defining an update_config
> > function and hooking it into the process with the *cmd variables
> > that are actually scriptlets evaluated by rc.subr.

>You could also do that by adding an rc script and setting the
>ordering constraints appropriately. Not really different, except that
>way rc.conf doesn't have to be executable, as per tls's wishlist.

Also except that you no longer can run the standard scripts
individually and keep the change abstract. The real alternative
would be to teach ipf/ipnat/setkey to filter their configurations
through m4 or similar.

BTW, this is not rc.conf but rc.conf.d. Even if you make it
somehow non-executable and prevent it from defining or overlaying
functions or containing directly executable statements, it would be
a variable list, and some of the variables are evaluated by rc.subr
and may contain code.

You have to start locking down the rc scripts and then you have to
continue by not allowing script names to be passed to programs
or locking down such programs that have shell hooks.

But a restricted configuration for security reasons is a different
issue.

-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."
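
The three ways an rc.conf.d fragment can carry code that the message above names (function definitions, directly executable statements, and variables that rc.subr evaluates) can be checked for without sourcing the file. The following is an added example, not part of the original message or of NetBSD's rc.subr; it assumes hook variables are recognised by the suffixes `_cmd`, `_precmd` and `_postcmd`, one assignment per line, and function bodies closed by a `}` at the start of a line. The sample fragment and its file paths are constructed.

```shell
#!/bin/sh
# Classify the lines of an rc.conf.d-style fragment read from stdin.
# Output: "<class> <lineno> <text>" for every line that is more than data.
#   FUNC  function definition (can define or overlay rc.subr functions)
#   HOOK  NAME=value where NAME ends in _cmd/_precmd/_postcmd; rc.subr
#         evaluates such values as scriptlets (suffix match is an assumption)
#   STMT  anything else that is not a plain NAME=value assignment
audit_rcconf() {
    awk '
        /^[ \t]*(#|$)/ { next }                            # comments, blanks
        infunc { if ($0 ~ /^[ \t]*}/) infunc = 0; next }   # inside a body
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*\(\)/ {
            print "FUNC", NR, $0
            if ($0 !~ /}[ \t]*$/) infunc = 1               # body continues
            next
        }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            name = $0
            sub(/^[ \t]*/, "", name)
            sub(/=.*/, "", name)
            if (name ~ /_(cmd|precmd|postcmd)$/) print "HOOK", NR, $0
            next
        }
        { print "STMT", NR, $0 }
    '
}

# Constructed sample: a fragment in the style described in the thread,
# regenerating a configuration file from an m4 template before start.
sample_fragment() {
    cat <<'EOF'
# constructed rc.conf.d/ipfilter fragment
ipfilter=YES
ipfilter_flags=""
update_config()
{
    m4 /etc/ipf.conf.m4 > /etc/ipf.conf
}
start_precmd="update_config"
logger reloaded
EOF
}

sample_fragment | audit_rcconf
```

A fragment that produces no output is a pure variable list with no evaluated hooks; any HOOK line still needs its value reviewed, since that string is what gets evaluated.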

