exec_sandbox 0.2.5 → 0.2.6

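--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: da350882626e6b7b1dd5c43c57e61f548de41f02
- data.tar.gz: f37a48991aac1e7a268e5cbd94d35502e87247a9
+ metadata.gz: 09f406c9093bf2a8b3fb29e4eff7fb66440212e4
+ data.tar.gz: d1843fe96b2b322628773e4c492aa30876939bb9
  SHA512:
- metadata.gz: 6b489c3bf6517a73fd7d720aeb8cf336fc74c27e8346dc87f66a731b20dc1470091652d6cd7cabf780f5f9b498060b59d23b563cc93cea650ef441ef40024bc8
- data.tar.gz: 0fde6ff96be6c49b0b823240ee9c2557676b2fbe60504a26995d3e6ae584589afcb6c1b711ca9e780131226384ef49843c889dec02c22db1ffc3e065e5249e28
+ metadata.gz: 72dc4cb65baf9b34dd5329ed9d454e7d9ebc38926337122e5ecba16e851fad4100542130f8e91b032f2543278cd96b5247ca67775a1c551bfab63412eb047bed
+ data.tar.gz: 75139dd187ab0dcb646d1257a4101806480ce6b26911beb1084758e89acebeaae505f8bc9723a7f7372fcf28d608f9764a8f36e8c4bce93021fbc6b5770b08d9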
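--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.2.5
+ 0.2.6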
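--- a/data/exec_sandbox.gemspec
+++ b/data/exec_sandbox.gemspec
@@ -2,15 +2,14 @@
  # DO NOT EDIT THIS FILE DIRECTLY
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
  # -*- encoding: utf-8 -*-
- # stub: exec_sandbox 0.2.5 ruby lib
 
  Gem::Specification.new do |s|
  s.name = "exec_sandbox"
- s.version = "0.2.5"
+ s.version = "0.2.6"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Victor Costan"]
- s.date = "2014-02-05"
+ s.date = "2014-02-06"
  s.description = "Temporary users and groups, rlimits"
  s.email = "costan@gmail.com"
  s.extra_rdoc_files = [
@@ -51,7 +50,7 @@ Gem::Specification.new do |s|
  s.homepage = "http://github.com/pwnall/exec_sandbox"
  s.licenses = ["MIT"]
  s.require_paths = ["lib"]
- s.rubygems_version = "2.1.11"
+ s.rubygems_version = "2.0.14"
  s.summary = "Run foreign binaries using POSIX sandboxing features"
 
  if s.respond_to? :specification_version then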
@@ -64,7 +64,7 @@ module Spawn
64
64
  # Close all file descriptors not in the redirection table.
65
65
  redirected_fds = Set.new redirects.map(&:first)
66
66
  max_fd = LibC.getdtablesize
67
- 0.upto(max_fd) do |fd|
67
+ max_fd.downto 0 do |fd|
68
68
  next if redirected_fds.include?(fd)
69
69
 
70
70
  next if RubyVM.rb_reserved_fd_p(fd) != 0
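Review bot: The new bound in `max_fd.downto 0 do |fd|` still includes `max_fd` itself, but `LibC.getdtablesize` returns the size of the descriptor table, so the highest usable descriptor is `max_fd - 1`; `(max_fd - 1).downto(0) do |fd|` skips one iteration per spawn on a descriptor that cannot exist. The comment above the loop also does not say why the iteration order was reversed, so a reader cannot tell whether the order matters for correctness; a line such as `# Close from the highest fd down: <reason>` would record the intent. Because this loop is what keeps the parent's descriptors away from the sandboxed program, it is also worth stating next to `next if RubyVM.rb_reserved_fd_p(fd) != 0` that a descriptor reported as reserved is skipped here and, unless it is close-on-exec, may stay open in the child. The loop body continues outside the hunk.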
@@ -164,10 +164,11 @@ module Spawn
164
164
  # Maps an internal MRI function that we need.
165
165
  module RubyVM
166
166
  extend FFI::Library
167
- ffi_lib RbConfig::CONFIG['RUBY_SO_NAME']
167
+ ffi_lib FFI::Library::CURRENT_PROCESS
168
168
  begin
169
169
  attach_function :rb_reserved_fd_p, [:int], :int
170
170
  rescue FFI::NotFoundError
171
+ p 'Using fd_p emulation'
171
172
  # Emulation of internal MRI function.
172
173
  #
173
174
  # This is a fallback, used in case FFI can't find the MRI function.
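Review bot: The added `p 'Using fd_p emulation'` in the `rescue FFI::NotFoundError` branch runs while the module body is evaluated and writes an inspected string to standard output, so any program that loads the gem and uses stdout for data gets this line mixed into its output. Falling back to the emulation is worth surfacing, since the emulation decides which descriptors the close loop leaves open for the sandboxed process, but the message belongs on stderr and should name the gem: `warn 'exec_sandbox: rb_reserved_fd_p not found, using emulation'`. The rescue body continues outside the hunk, so the accuracy of the emulation itself cannot be judged from here.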
@@ -1,11 +1,13 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
2
2
 
3
+ require 'thread'
4
+
3
5
  describe ExecSandbox::Spawn do
4
6
  let(:test_user) { Etc.getlogin }
5
7
  let(:test_uid) { Etc.getpwnam(test_user).uid }
6
8
  let(:test_gid) { Etc.getpwnam(test_user).gid }
7
9
  let(:test_group) { Etc.getgrgid(test_gid).name }
8
-
10
+
9
11
  describe '#spawn IO redirection' do
10
12
  before do
11
13
  @temp_in = Tempfile.new 'exec_sandbox_rspec'
@@ -13,7 +15,7 @@ describe ExecSandbox::Spawn do
13
15
  @temp_in.close
14
16
  @temp_out = Tempfile.new 'exec_sandbox_rspec'
15
17
  @temp_out.close
16
-
18
+
17
19
  # Force-creating a 2nd thread to make MRI 1.9.3 crash without our fix.
18
20
  @lock = Mutex.new
19
21
  @lock.lock
@@ -35,7 +37,7 @@ describe ExecSandbox::Spawn do
35
37
  it 'should not crash' do
36
38
  @status[:exit_code].should == 0
37
39
  end
38
-
40
+
39
41
  it 'should write successfully' do
40
42
  @temp_out.open
41
43
  begin
@@ -45,7 +47,7 @@ describe ExecSandbox::Spawn do
45
47
  end
46
48
  end
47
49
  end
48
-
50
+
49
51
  describe 'with paths' do
50
52
  before do
51
53
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
@@ -54,9 +56,28 @@ describe ExecSandbox::Spawn do
54
56
  @status = ExecSandbox::Wait4.wait4 pid
55
57
  end
56
58
 
57
- it_behaves_like 'duplicate.rb'
59
+ it_behaves_like 'duplicate.rb'
58
60
  end
59
-
61
+
62
+ describe 'with paths and a second thread' do
63
+ before do
64
+ @queue = Queue.new
65
+ @thread = Thread.new { @queue.pop }
66
+
67
+ pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
68
+ {in: @temp_in.path, out: @temp_out.path,
69
+ err: @temp_out.path}
70
+ @status = ExecSandbox::Wait4.wait4 pid
71
+ end
72
+
73
+ after do
74
+ @queue.push 'die'
75
+ @thread.join
76
+ end
77
+
78
+ it_behaves_like 'duplicate.rb'
79
+ end
80
+
60
81
  describe 'with file descriptors' do
61
82
  before do
62
83
  File.open(@temp_in.path, 'r') do |in_io|
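Review bot: The new 'with paths and a second thread' context does not say what the extra thread adds, and the `before` block of the enclosing '#spawn IO redirection' group already carries the comment about force-creating a 2nd thread, so the two setups appear to overlap. A short comment above `@thread = Thread.new { @queue.pop }`, for example `# Keep a blocked thread alive across spawn so MRI's internal fds are open.`, would state the intent; that reading is inferred from the rest of this change and should be confirmed. Nothing in the context checks that the thread is still blocked when spawn runs; an example containing `@thread.should be_alive` would pin that down.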
@@ -70,24 +91,24 @@ describe ExecSandbox::Spawn do
70
91
 
71
92
  it_behaves_like 'duplicate.rb'
72
93
  end
73
-
94
+
74
95
  describe 'without stdout' do
75
96
  before do
76
97
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
77
98
  {in: @temp_in.path}
78
99
  @status = ExecSandbox::Wait4.wait4 pid
79
100
  end
80
-
101
+
81
102
  it 'should crash' do
82
103
  @status[:exit_code].should_not == 0
83
104
  end
84
105
  end
85
-
106
+
86
107
  shared_examples_for 'count.rb' do
87
108
  it 'should not crash' do
88
109
  @status[:exit_code].should == 0
89
110
  end
90
-
111
+
91
112
  it 'should write successfully' do
92
113
  @temp_out.open
93
114
  begin
@@ -122,7 +143,7 @@ describe ExecSandbox::Spawn do
122
143
  after do
123
144
  File.unlink(@temp_path) if File.exist?(@temp_path)
124
145
  end
125
-
146
+
126
147
  describe 'with root credentials' do
127
148
  before do
128
149
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
@@ -131,11 +152,11 @@ describe ExecSandbox::Spawn do
131
152
  @status = ExecSandbox::Wait4.wait4 pid
132
153
  @fstat = File.stat(@temp_path)
133
154
  end
134
-
155
+
135
156
  it 'should not crash' do
136
157
  @status[:exit_code].should == 0
137
158
  end
138
-
159
+
139
160
  it 'should have the UID set to root' do
140
161
  @fstat.uid.should == 0
141
162
  end
@@ -147,7 +168,7 @@ describe ExecSandbox::Spawn do
147
168
  File.read(@temp_path).should == "Spawn uid test\n"
148
169
  end
149
170
  end
150
-
171
+
151
172
  describe 'with non-root credentials' do
152
173
  before do
153
174
  @temp.unlink
@@ -156,18 +177,18 @@ describe ExecSandbox::Spawn do
156
177
  {uid: test_uid, gid: test_gid}
157
178
  @status = ExecSandbox::Wait4.wait4 pid
158
179
  end
159
-
180
+
160
181
  it 'should not crash' do
161
182
  @status[:exit_code].should == 0
162
183
  end
163
-
184
+
164
185
  it 'should have the UID set to the test user' do
165
186
  File.stat(@temp_path).uid.should == test_uid
166
187
  end
167
188
  it 'should have the GID set to the test group' do
168
189
  File.stat(@temp_path).gid.should == test_gid
169
190
  end
170
-
191
+
171
192
  it 'should have the correct output' do
172
193
  File.read(@temp_path).should == "Spawn uid test\n"
173
194
  end
@@ -181,7 +202,7 @@ describe ExecSandbox::Spawn do
181
202
  {uid: test_uid, gid: test_gid}
182
203
  @status = ExecSandbox::Wait4.wait4 pid
183
204
  end
184
-
205
+
185
206
  it 'should crash (euid is set correctly)' do
186
207
  @status[:exit_code].should_not == 0
187
208
  end
@@ -190,7 +211,7 @@ describe ExecSandbox::Spawn do
190
211
  File.read(@temp_path).should_not == "Spawn uid test\n"
191
212
  end
192
213
  end
193
-
214
+
194
215
  describe 'with non-root credentials and a root-owned redirect file' do
195
216
  before do
196
217
  File.chmod 070, @temp_path
@@ -199,7 +220,7 @@ describe ExecSandbox::Spawn do
199
220
  {uid: test_uid, gid: test_gid}
200
221
  @status = ExecSandbox::Wait4.wait4 pid
201
222
  end
202
-
223
+
203
224
  it 'should crash (egid is set correctly)' do
204
225
  @status[:exit_code].should_not == 0
205
226
  end
@@ -208,28 +229,28 @@ describe ExecSandbox::Spawn do
208
229
  File.read(@temp_path).should_not == "Spawn uid test\n"
209
230
  end
210
231
  end
211
-
232
+
212
233
  describe 'with a working directory' do
213
234
  before do
214
235
  @temp_dir = Dir.mktmpdir 'exec_sandbox_rspec'
215
236
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:pwd), @temp_path],
216
- {}, {dir: @temp_dir}
237
+ {}, {dir: @temp_dir}
217
238
  @status = ExecSandbox::Wait4.wait4 pid
218
239
  end
219
240
  after do
220
241
  Dir.rmdir @temp_dir
221
242
  end
222
-
243
+
223
244
  it 'should not crash' do
224
245
  @status[:exit_code].should == 0
225
246
  end
226
-
247
+
227
248
  it 'should set the working directory' do
228
249
  File.read(@temp_path).should == @temp_dir
229
250
  end
230
251
  end
231
252
  end
232
-
253
+
233
254
  describe '#spawn resource limits' do
234
255
  before do
235
256
  @temp = Tempfile.new 'exec_sandbox_rspec'
@@ -239,7 +260,7 @@ describe ExecSandbox::Spawn do
239
260
  after do
240
261
  File.unlink(@temp_path) if File.exist?(@temp_path)
241
262
  end
242
-
263
+
243
264
  describe 'buffer.rb with 512 megs' do
244
265
  describe 'without limitations' do
245
266
  before do
@@ -251,28 +272,28 @@ describe ExecSandbox::Spawn do
251
272
  it 'should not crash' do
252
273
  @status[:exit_code].should == 0
253
274
  end
254
-
275
+
255
276
  it 'should output 512 megs' do
256
277
  File.stat(@temp_path).size.should == 512 * 1024 * 1024
257
278
  end
258
279
  end
259
-
280
+
260
281
  describe 'with 256mb memory limitation' do
261
282
  before do
262
283
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
263
284
  (512 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
264
285
  @status = ExecSandbox::Wait4.wait4 pid
265
286
  end
266
-
287
+
267
288
  it 'should crash' do
268
289
  @status[:exit_code].should_not == 0
269
290
  end
270
-
291
+
271
292
  it 'should not have a chance to output data' do
272
293
  File.stat(@temp_path).size.should == 0
273
294
  end
274
295
  end
275
-
296
+
276
297
  describe 'with 256mb output limitation' do
277
298
  before do
278
299
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -280,28 +301,28 @@ describe ExecSandbox::Spawn do
280
301
  {file_size: 64 * 1024 * 1024}
281
302
  @status = ExecSandbox::Wait4.wait4 pid
282
303
  end
283
-
304
+
284
305
  it 'should crash' do
285
306
  @status[:exit_code].should_not == 0
286
307
  end
287
-
308
+
288
309
  it 'should not output more than 256 megs' do
289
310
  File.stat(@temp_path).size.should <= 256 * 1024 * 1024
290
311
  end
291
312
  end
292
313
  end
293
-
314
+
294
315
  describe 'buffer.rb with 128 megs' do
295
316
  shared_examples_for 'working' do
296
317
  it 'should not crash' do
297
318
  @status[:exit_code].should == 0
298
319
  end
299
-
320
+
300
321
  it 'should output 128 megs' do
301
322
  File.stat(@temp_path).size.should == 128 * 1024 * 1024
302
323
  end
303
324
  end
304
-
325
+
305
326
  describe 'without limitations' do
306
327
  before do
307
328
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -311,17 +332,17 @@ describe ExecSandbox::Spawn do
311
332
 
312
333
  it_behaves_like 'working'
313
334
  end
314
-
335
+
315
336
  describe 'with 256mb memory limitation' do
316
337
  before do
317
338
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
318
339
  (128 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
319
340
  @status = ExecSandbox::Wait4.wait4 pid
320
341
  end
321
-
342
+
322
343
  it_behaves_like 'working'
323
344
  end
324
-
345
+
325
346
  describe 'with 256mb output limitation' do
326
347
  before do
327
348
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -329,12 +350,12 @@ describe ExecSandbox::Spawn do
329
350
  {file_size: 256 * 1024 * 1024}
330
351
  @status = ExecSandbox::Wait4.wait4 pid
331
352
  end
332
-
353
+
333
354
  it_behaves_like 'working'
334
355
  end
335
356
  end
336
-
337
-
357
+
358
+
338
359
  describe 'fork.rb' do
339
360
  describe 'without limitations' do
340
361
  before do
@@ -346,29 +367,29 @@ describe ExecSandbox::Spawn do
346
367
  it 'should not crash' do
347
368
  @status[:exit_code].should == 0
348
369
  end
349
-
370
+
350
371
  it 'should output 10 +es' do
351
372
  File.stat(@temp_path).size.should == 10
352
373
  end
353
374
  end
354
-
375
+
355
376
  describe 'with sub-process limitation' do
356
377
  before do
357
378
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
358
379
  10.to_s], {}, {}, {processes: 4}
359
380
  @status = ExecSandbox::Wait4.wait4 pid
360
381
  end
361
-
382
+
362
383
  it 'should crash' do
363
384
  @status[:exit_code].should_not == 0
364
385
  end
365
-
386
+
366
387
  it 'should output less than 5 +es' do
367
388
  File.stat(@temp_path).size.should < 5
368
389
  end
369
390
  end
370
391
  end
371
-
392
+
372
393
  describe 'churn.rb' do
373
394
  describe 'without limitations' do
374
395
  before do
@@ -380,16 +401,16 @@ describe ExecSandbox::Spawn do
380
401
  it 'should not crash' do
381
402
  @status[:exit_code].should == 0
382
403
  end
383
-
404
+
384
405
  it 'should run for at least 2 seconds' do
385
406
  (@status[:user_time] + @status[:system_time]).should > 2
386
407
  end
387
-
408
+
388
409
  it 'should output something' do
389
410
  File.stat(@temp_path).size.should > 0
390
411
  end
391
412
  end
392
-
413
+
393
414
  describe 'with CPU time limitation' do
394
415
  before do
395
416
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
@@ -404,7 +425,7 @@ describe ExecSandbox::Spawn do
404
425
  it 'should run for less than 2 seconds' do
405
426
  (@status[:user_time] + @status[:system_time]).should < 2
406
427
  end
407
-
428
+
408
429
  it 'should not have a chance to output' do
409
430
  File.stat(@temp_path).size.should == 0
410
431
  end
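--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: exec_sandbox
  version: !ruby/object:Gem::Version
- version: 0.2.5
+ version: 0.2.6
  platform: ruby
  authors:
  - Victor Costan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-02-05 00:00:00.000000000 Z
+ date: 2014-02-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ffi
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.1.11
+ rubygems_version: 2.0.14
  signing_key:
  specification_version: 4
  summary: Run foreign binaries using POSIX sandboxing features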