info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Broken pipe with loginfo in a chroot jail

From: Geoff Beier
Subject: Re: Broken pipe with loginfo in a chroot jail
Date: Fri, 7 Nov 2003 11:24:00 -0400 
On Fri, 7 Nov 2003 15:50:32 +0100, Maarten de Boer wrote
> > Notice that the "invoking the shell" part is not optional. Therefore, to use
> > popen() in a chroot jail (which is required for loginfo) you require a 
> > shell.
> 
> Ah. That would explain a lot... Which shell would that be? /bin/sh?
> Having a shell in the chroot jail is of course far from ideal.. Is 
> there some way aroudn this? Could I use some shell that allows nothing?
> 
It's /bin/sh. It would normally be a good idea for this to be
Bourne-compatible, but I really doubt that matters in your situation. If I had
to make loginfo work in a jail, I'd break my task into two pieces:

1. Get it working using the ash shell... its tiny, mostly bourne- and
POSIX-compliant, and can easily be statically linked.
2. Once that is working reliably, attempt to customize smrsh, rcsh or a
similar restricted shell for my setup.

HTH,

Geoff
reply via email to
[Prev in Thread] Current Thread [Next in Thread]