RubyGems - exec_sandbox - Versions diffs - 0.2.5 → 0.2.6 - Mend

exec_sandbox 0.2.5 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/exec_sandbox.gemspec +3 -4
data/lib/exec_sandbox/spawn.rb +3 -2
data/spec/exec_sandbox/spawn_spec.rb +72 -51
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: da350882626e6b7b1dd5c43c57e61f548de41f02
-  data.tar.gz: f37a48991aac1e7a268e5cbd94d35502e87247a9
+  metadata.gz: 09f406c9093bf2a8b3fb29e4eff7fb66440212e4
+  data.tar.gz: d1843fe96b2b322628773e4c492aa30876939bb9
 SHA512:
-  metadata.gz: 6b489c3bf6517a73fd7d720aeb8cf336fc74c27e8346dc87f66a731b20dc1470091652d6cd7cabf780f5f9b498060b59d23b563cc93cea650ef441ef40024bc8
-  data.tar.gz: 0fde6ff96be6c49b0b823240ee9c2557676b2fbe60504a26995d3e6ae584589afcb6c1b711ca9e780131226384ef49843c889dec02c22db1ffc3e065e5249e28
+  metadata.gz: 72dc4cb65baf9b34dd5329ed9d454e7d9ebc38926337122e5ecba16e851fad4100542130f8e91b032f2543278cd96b5247ca67775a1c551bfab63412eb047bed
+  data.tar.gz: 75139dd187ab0dcb646d1257a4101806480ce6b26911beb1084758e89acebeaae505f8bc9723a7f7372fcf28d608f9764a8f36e8c4bce93021fbc6b5770b08d9

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.2.5
1	+ 0.2.6

data/exec_sandbox.gemspec CHANGED Viewed

@@ -2,15 +2,14 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: exec_sandbox 0.2.5 ruby lib
 Gem::Specification.new do |s|
   s.name = "exec_sandbox"
-  s.version = "0.2.5"
+  s.version = "0.2.6"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = "2014-02-05"
+  s.date = "2014-02-06"
   s.description = "Temporary users and groups, rlimits"
   s.email = "costan@gmail.com"
   s.extra_rdoc_files = [
@@ -51,7 +50,7 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/pwnall/exec_sandbox"
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "2.1.11"
+  s.rubygems_version = "2.0.14"
   s.summary = "Run foreign binaries using POSIX sandboxing features"
   if s.respond_to? :specification_version then

data/lib/exec_sandbox/spawn.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module Spawn
     # Close all file descriptors not in the redirection table.
     redirected_fds = Set.new redirects.map(&:first)
     max_fd = LibC.getdtablesize
-    0.upto(max_fd) do |fd|
+    max_fd.downto 0 do |fd|
       next if redirected_fds.include?(fd)
       next if RubyVM.rb_reserved_fd_p(fd) != 0
@@ -164,10 +164,11 @@ module Spawn
   # Maps an internal MRI function that we need.
   module RubyVM
     extend FFI::Library
-    ffi_lib RbConfig::CONFIG['RUBY_SO_NAME']
+    ffi_lib FFI::Library::CURRENT_PROCESS
     begin
       attach_function :rb_reserved_fd_p, [:int], :int
     rescue FFI::NotFoundError
+      p 'Using fd_p emulation'
       # Emulation of internal MRI function.
       #
       # This is a fallback, used in case FFI can't find the MRI function.

data/spec/exec_sandbox/spawn_spec.rb CHANGED Viewed

@@ -1,11 +1,13 @@
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require 'thread'
 describe ExecSandbox::Spawn do
   let(:test_user) { Etc.getlogin }
   let(:test_uid) { Etc.getpwnam(test_user).uid }
   let(:test_gid) { Etc.getpwnam(test_user).gid }
   let(:test_group) { Etc.getgrgid(test_gid).name }
   describe '#spawn IO redirection' do
     before do
       @temp_in = Tempfile.new 'exec_sandbox_rspec'
@@ -13,7 +15,7 @@ describe ExecSandbox::Spawn do
       @temp_in.close
       @temp_out = Tempfile.new 'exec_sandbox_rspec'
       @temp_out.close
       # Force-creating a 2nd thread to make MRI 1.9.3 crash without our fix.
       @lock = Mutex.new
       @lock.lock
@@ -35,7 +37,7 @@ describe ExecSandbox::Spawn do
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
       it 'should write successfully' do
         @temp_out.open
         begin
@@ -45,7 +47,7 @@ describe ExecSandbox::Spawn do
         end
       end
     end
     describe 'with paths' do
       before do
         pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
@@ -54,9 +56,28 @@ describe ExecSandbox::Spawn do
         @status = ExecSandbox::Wait4.wait4 pid
       end
-      it_behaves_like 'duplicate.rb'
+      it_behaves_like 'duplicate.rb'
     end
+    describe 'with paths and a second thread' do
+      before do
+        @queue = Queue.new
+        @thread = Thread.new { @queue.pop }
+        pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
+            {in: @temp_in.path, out: @temp_out.path,
+             err: @temp_out.path}
+        @status = ExecSandbox::Wait4.wait4 pid
+      end
+      after do
+        @queue.push 'die'
+        @thread.join
+      end
+      it_behaves_like 'duplicate.rb'
+    end
     describe 'with file descriptors' do
       before do
         File.open(@temp_in.path, 'r') do |in_io|
@@ -70,24 +91,24 @@ describe ExecSandbox::Spawn do
       it_behaves_like 'duplicate.rb'
     end
     describe 'without stdout' do
       before do
         pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
                                        {in: @temp_in.path}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       it 'should crash' do
         @status[:exit_code].should_not == 0
       end
     end
     shared_examples_for 'count.rb' do
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
       it 'should write successfully' do
         @temp_out.open
         begin
@@ -122,7 +143,7 @@ describe ExecSandbox::Spawn do
     after do
       File.unlink(@temp_path) if File.exist?(@temp_path)
     end
     describe 'with root credentials' do
       before do
         pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
@@ -131,11 +152,11 @@ describe ExecSandbox::Spawn do
         @status = ExecSandbox::Wait4.wait4 pid
         @fstat = File.stat(@temp_path)
       end
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
       it 'should have the UID set to root' do
         @fstat.uid.should == 0
       end
@@ -147,7 +168,7 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should == "Spawn uid test\n"
       end
     end
     describe 'with non-root credentials' do
       before do
         @temp.unlink
@@ -156,18 +177,18 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
       it 'should have the UID set to the test user' do
         File.stat(@temp_path).uid.should == test_uid
       end
       it 'should have the GID set to the test group' do
         File.stat(@temp_path).gid.should == test_gid
       end
       it 'should have the correct output' do
         File.read(@temp_path).should == "Spawn uid test\n"
       end
@@ -181,7 +202,7 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       it 'should crash (euid is set correctly)' do
         @status[:exit_code].should_not == 0
       end
@@ -190,7 +211,7 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should_not == "Spawn uid test\n"
       end
     end
     describe 'with non-root credentials and a root-owned redirect file' do
       before do
         File.chmod 070, @temp_path
@@ -199,7 +220,7 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       it 'should crash (egid is set correctly)' do
         @status[:exit_code].should_not == 0
       end
@@ -208,28 +229,28 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should_not == "Spawn uid test\n"
       end
     end
     describe 'with a working directory' do
       before do
         @temp_dir = Dir.mktmpdir 'exec_sandbox_rspec'
         pid = ExecSandbox::Spawn.spawn [bin_fixture(:pwd), @temp_path],
-            {}, {dir: @temp_dir}
+            {}, {dir: @temp_dir}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       after do
         Dir.rmdir @temp_dir
       end
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
       it 'should set the working directory' do
         File.read(@temp_path).should == @temp_dir
       end
     end
   end
   describe '#spawn resource limits' do
     before do
       @temp = Tempfile.new 'exec_sandbox_rspec'
@@ -239,7 +260,7 @@ describe ExecSandbox::Spawn do
     after do
       File.unlink(@temp_path) if File.exist?(@temp_path)
     end
     describe 'buffer.rb with 512 megs' do
       describe 'without limitations' do
         before do
@@ -251,28 +272,28 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
         it 'should output 512 megs' do
           File.stat(@temp_path).size.should == 512 * 1024 * 1024
         end
       end
       describe 'with 256mb memory limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
               (512 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
         it 'should not have a chance to output data' do
           File.stat(@temp_path).size.should == 0
         end
       end
       describe 'with 256mb output limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -280,28 +301,28 @@ describe ExecSandbox::Spawn do
               {file_size: 64 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
         it 'should not output more than 256 megs' do
           File.stat(@temp_path).size.should <= 256 * 1024 * 1024
         end
       end
     end
     describe 'buffer.rb with 128 megs' do
       shared_examples_for 'working' do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
         it 'should output 128 megs' do
           File.stat(@temp_path).size.should == 128 * 1024 * 1024
         end
       end
       describe 'without limitations' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -311,17 +332,17 @@ describe ExecSandbox::Spawn do
         it_behaves_like 'working'
       end
       describe 'with 256mb memory limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
               (128 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
         it_behaves_like 'working'
       end
       describe 'with 256mb output limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -329,12 +350,12 @@ describe ExecSandbox::Spawn do
               {file_size: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
         it_behaves_like 'working'
       end
     end
     describe 'fork.rb' do
       describe 'without limitations' do
         before do
@@ -346,29 +367,29 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
         it 'should output 10 +es' do
           File.stat(@temp_path).size.should == 10
         end
       end
       describe 'with sub-process limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
               10.to_s], {}, {}, {processes: 4}
           @status = ExecSandbox::Wait4.wait4 pid
         end
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
         it 'should output less than 5 +es' do
           File.stat(@temp_path).size.should < 5
         end
       end
     end
     describe 'churn.rb' do
       describe 'without limitations' do
         before do
@@ -380,16 +401,16 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
         it 'should run for at least 2 seconds' do
           (@status[:user_time] + @status[:system_time]).should > 2
         end
         it 'should output something' do
           File.stat(@temp_path).size.should > 0
         end
       end
       describe 'with CPU time limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
@@ -404,7 +425,7 @@ describe ExecSandbox::Spawn do
         it 'should run for less than 2 seconds' do
           (@status[:user_time] + @status[:system_time]).should < 2
         end
         it 'should not have a chance to output' do
           File.stat(@temp_path).size.should == 0
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: exec_sandbox
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.6
 platform: ruby
 authors:
 - Victor Costan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-02-05 00:00:00.000000000 Z
+date: 2014-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.11
+rubygems_version: 2.0.14
 signing_key:
 specification_version: 4
 summary: Run foreign binaries using POSIX sandboxing features