Re: Subversion, PHP and Web development

From: Perry E. Metzger <perry_at_piermont.com>
Date: 2004-02-23 20:17:29 CET

Ben Collins-Sussman <sussman@collab.net> writes:
> A word of warning, though: many unixes won't let you 'chmod +s' a shell
> script, which is necessary if I want the post-commit hook script to run
> as user 'sussman'. So instead, my post-commit hook is a tiny C program
> with +s :
>
> #include <stdlib.h>
> int main(int argc, const char *argv[])
> {
> system("/usr/local/bin/svn update /home/sussman/public_html");
> }

For safety, I'd do an exec instead, and clean the environment vars.
You never know what evil someone might include in things like
PATH or IFS.

This is pretty easy to do, of course, just have a variable like:

char *newenv[] = { "PATH=/bin:/usr/bin", "SHELL=/bin/sh", NULL };

to contain your smashed environment, then:

execle("/usr/local/bin/svn", "svn", "update", "/home/sussman/public_html", newenv);

You have far fewer worries that way.

Perry

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Feb 23 20:17:21 2004

This message: [ Message body ]
Next message: Delbert D. Franz: "Re: Strange problem with archive/extraction of working copy"
Previous message: Perry E. Metzger: "Re: svnserve+ssh"
In reply to: Ben Collins-Sussman: "Re: Subversion, PHP and Web development"
Next in thread: Benjamin Zeiss: "Re: Subversion, PHP and Web development"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]