Re: Broken pipe with loginfo in a chroot jail

[Geoff Beier]

On Fri, 7 Nov 2003 10:05:10 +0100, Maarten de Boer wrote
> > Sorry if this is a silly question, but have you put a shell in your jail?
> > http://tiefighter.et.tudelft.nl/~arthur/cvsd/faq.html#cvsscripts
> 
> No, I haven't, but why would I? What I execute from loginfo is a standalone
> application, it should not need a shell at all.
> 

Sorry... I thought the link made it clear enough. When you run cvs with the -t
flag, you see a line like the following when loginfo is processed:
-> run_popen( yourLogProgram )

If you look at the cvs sources, you can see on line 396 of run.c that, as its
name would imply, run_popen() uses the popen() call to invoke your "standalone
application":

return (popen (cmd, mode));

Even though yourLogProgram is "standalone", a quick trip to popen(3) reveals:
DESCRIPTION
     The popen() function ``opens'' a process by creating a pipe, forking, and
     invoking the shell.  Since a pipe is by definition unidirectional, the
     type argument may specify only reading or writing, not both; the result-
     ing stream is correspondingly read-only or write-only.

Notice that the "invoking the shell" part is not optional. Therefore, to use
popen() in a chroot jail (which is required for loginfo) you require a shell.


HTH,

Geoff