Justin Wells writes:
>
> 1) before you chroot you have to chdir, so it would actually require a
> shell script. otherwise on many unixes there is a chdir hack that
> allows you to break out of the chroot.
So? Many of us end up running a shell script anyway for other reasons.
It's not that big a deal.
> 2) cvs pserver needs to run as root long enough to setuid/setgid, and i
> wanted to add a line of code ensuring that that really happened. if
> for some reason the setuid/setgid doesn't happen, and cvs is left
> running as root, i want it to die before looking at any more user input.
If either setuid or setgid fails, CVS exits immediately. People
complain that CVS won't let root do commits, you're going to keep root
from doing anything! (Well, your patch only objects if you've also
chroot'ed, but the principle's the same.)
> 3) this way the cvs binary does not have to live inside the chrooted area,
> so you don't have to re-install cvs again if your system wide cvs
> happens to have this '--chroot' flag.
If you run a shell script, it can copy the binary if it doesn't already
exist.
> And, really, the cost is not high. It was about a five line change.
But it's very Unix specific, and it seems to me to be adding the kitchen
sink to CVS.
-Larry Jones
I'm a genius. -- Calvin
