exec_sandbox 0.1.0 → 0.1.1

data/VERSION

@@ -1 +1 @@
-0.1.0
+0.1.1

data/exec_sandbox.gemspec

@@ -0,0 +1,88 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "exec_sandbox"
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Victor Costan"]
+  s.date = "2011-10-13"
+  s.description = "Temporary users and groups, rlimits"
+  s.email = "costan@gmail.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    ".project",
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "exec_sandbox.gemspec",
+    "lib/exec_sandbox.rb",
+    "lib/exec_sandbox/sandbox.rb",
+    "lib/exec_sandbox/spawn.rb",
+    "lib/exec_sandbox/users.rb",
+    "lib/exec_sandbox/wait4.rb",
+    "spec/exec_sandbox/sandbox_spec.rb",
+    "spec/exec_sandbox/spawn_spec.rb",
+    "spec/exec_sandbox/users_spec.rb",
+    "spec/exec_sandbox/wait4_spec.rb",
+    "spec/fixtures/buffer.rb",
+    "spec/fixtures/churn.rb",
+    "spec/fixtures/duplicate.rb",
+    "spec/fixtures/exit_arg.rb",
+    "spec/fixtures/fork.rb",
+    "spec/fixtures/pwd.rb",
+    "spec/fixtures/write_arg.rb",
+    "spec/spec_helper.rb",
+    "spec/support/code_fixture.rb"
+  ]
+  s.homepage = "http://github.com/pwnall/exec_sandbox"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.11"
+  s.summary = "Run foreign binaries using POSIX sandboxing features"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<ffi>, [">= 1.0.9"])
+      s.add_development_dependency(%q<rdoc>, [">= 3.10"])
+      s.add_development_dependency(%q<rspec>, [">= 2.6.0"])
+      s.add_development_dependency(%q<yard>, [">= 0.7.2"])
+      s.add_development_dependency(%q<yard-rspec>, [">= 0.1"])
+      s.add_development_dependency(%q<bundler>, [">= 1.0.21"])
+      s.add_development_dependency(%q<jeweler>, [">= 1.6.4"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+    else
+      s.add_dependency(%q<ffi>, [">= 1.0.9"])
+      s.add_dependency(%q<rdoc>, [">= 3.10"])
+      s.add_dependency(%q<rspec>, [">= 2.6.0"])
+      s.add_dependency(%q<yard>, [">= 0.7.2"])
+      s.add_dependency(%q<yard-rspec>, [">= 0.1"])
+      s.add_dependency(%q<bundler>, [">= 1.0.21"])
+      s.add_dependency(%q<jeweler>, [">= 1.6.4"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<ffi>, [">= 1.0.9"])
+    s.add_dependency(%q<rdoc>, [">= 3.10"])
+    s.add_dependency(%q<rspec>, [">= 2.6.0"])
+    s.add_dependency(%q<yard>, [">= 0.7.2"])
+    s.add_dependency(%q<yard-rspec>, [">= 0.1"])
+    s.add_dependency(%q<bundler>, [">= 1.0.21"])
+    s.add_dependency(%q<jeweler>, [">= 1.6.4"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+  end
+end
+

data/lib/exec_sandbox/sandbox.rb

@@ -9,21 +9,17 @@ class Sandbox
   # Empty sandbox.
   #
   # @param [String] admin the name of a user who will be able to peek into the
-  #                       sandbox (optional)
-  def initialize(admin = nil)
+  #                       sandbox
+  def initialize(admin)
     @user_name = ExecSandbox::Users.temp
     user_pwd = Etc.getpwnam @user_name
     @user_uid = user_pwd.uid
     @user_gid = user_pwd.gid
     @path = user_pwd.dir
-    if @admin_name = admin
-      admin_pwd = Etc.getpwnam(@admin_name)
-      @admin_uid = admin_pwd.uid
-      @admin_gid = admin_pwd.gid
-    else
-      @admin_uid = @user_uid
-      @admin_gid = @user_gid
-    end
+    @admin_name = admin
+    admin_pwd = Etc.getpwnam(@admin_name)
+    @admin_uid = admin_pwd.uid
+    @admin_gid = admin_pwd.gid
     @destroyed = false
     
     # principal argument for Spawn.spawn()
@@ -61,11 +57,14 @@ class Sandbox
   # @param [String] from relative path to the sandbox file or directory
   # @param [String] to path where the file/directory will be copied
   # @param [Hash] options tweaks the permissions and the path inside the sandbox
-  # @return [String] the path to the copied file / directory outside the sandbox
+  # @return [String] the path to the copied file / directory outside the
+  #                  sandbox, or nil if the file / directory does not exist
+  #                  inside the sandbox
   def pull(from, to)
     from = File.join @path, from
-    FileUtils.cp_r from, to
+    return nil unless File.exist? from
     
+    FileUtils.cp_r from, to
     FileUtils.chmod_R 0770, to
     FileUtils.chown_R @admin_uid, @admin_gid, to
     # NOTE: making a file / directory read-only is useless -- the sandboxed
@@ -145,7 +144,7 @@ end  # module ExecSandbox::Sandbox
   # @param [String] admin the name of a user who will be able to peek into the
   #                       sandbox (optional)
   # @return the value returned from the block passed to this method
-  def self.use(admin = nil, &block)
+  def self.use(admin = Etc.getlogin, &block)
     sandbox = ExecSandbox::Sandbox.new admin
     begin
       return yield(sandbox)
@@ -163,7 +162,7 @@ end  # module ExecSandbox::Sandbox
   # @param [String] admin the name of a user who will be able to peek into the
   #                       sandbox (optional)
   # @return the value returned from the block passed to this method
-  def self.open(admin = nil)
+  def self.open(admin = Etc.getlogin)
     ExecSandbox::Sandbox.new admin
   end
 end  # namespace ExecSandbox

data/lib/exec_sandbox/wait4.rb

@@ -19,9 +19,9 @@ module Wait4
     signal_code = status[:bits] & 0x7f
     status[:exit_code] = (signal_code != 0) ? -signal_code : status[:bits] >> 8
     status[:user_time] = rusage[:ru_utime_sec] +
-                        rusage[:ru_utime_usec] * 0.000_001
-    status[:system_time] = rusage[:ru_utime_sec] +
-                          rusage[:ru_utime_usec] * 0.000_001 
+                         rusage[:ru_utime_usec] * 0.000_001
+    status[:system_time] = rusage[:ru_stime_sec] +
+                           rusage[:ru_stime_usec] * 0.000_001 
     status[:rss] = rusage[:ru_maxrss] / 1024.0
     return status
   end

data/spec/exec_sandbox/wait4_spec.rb

@@ -20,5 +20,28 @@ describe ExecSandbox::Wait4 do
         @status[:system_time].should < 1
       end
     end
+    
+    describe 'churn.rb' do
+      before do
+        pid = Kernel.fork { Process.exec bin_fixture(:churn), '', '2' }
+        @status = ExecSandbox::Wait4.wait4 pid
+      end
+      
+      it 'should have the correct exit status' do
+        @status[:exit_code].should == 0
+      end
+      
+      it 'should not take more than 3s of user time' do
+        @status[:user_time].should < 3
+      end
+
+      it 'should not take less than 1s of user time' do
+        @status[:user_time].should > 1
+      end
+      
+      it 'should not take more than 1s of system time' do
+        @status[:system_time].should < 1
+      end
+    end
   end
 end

data/spec/fixtures/churn.rb

@@ -4,13 +4,16 @@
 # then outputs a '+' and exists.
 
 start = Time.now
-File.open(ARGV[0], 'wb') do |f|
-  f.sync = true
-  loop do
-    j = 0
-    1.upto(1_000_000) { |i| j = i * i + 100 }
-    break if Time.now - start >= ARGV[1].to_i
+loop do
+  j = 0
+  1.upto(1_000_000) { |i| j = i * i + 100 }
+  break if Time.now - start >= ARGV[1].to_i
+end
+
+unless ARGV[0].empty?
+  File.open(ARGV[0], 'wb') do |f|
+    f.sync = true
+    f.write '+'
+    f.flush
   end
-  f.write '+'
-  f.flush
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: exec_sandbox
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-10-13 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
-  requirement: &23606780 !ruby/object:Gem::Requirement
+  requirement: &22094080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 1.0.9
   type: :runtime
   prerelease: false
-  version_requirements: *23606780
+  version_requirements: *22094080
 - !ruby/object:Gem::Dependency
   name: rdoc
-  requirement: &23606160 !ruby/object:Gem::Requirement
+  requirement: &22093480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '3.10'
   type: :development
   prerelease: false
-  version_requirements: *23606160
+  version_requirements: *22093480
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &23605400 !ruby/object:Gem::Requirement
+  requirement: &22092840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: 2.6.0
   type: :development
   prerelease: false
-  version_requirements: *23605400
+  version_requirements: *22092840
 - !ruby/object:Gem::Dependency
   name: yard
-  requirement: &23604760 !ruby/object:Gem::Requirement
+  requirement: &22092240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: 0.7.2
   type: :development
   prerelease: false
-  version_requirements: *23604760
+  version_requirements: *22092240
 - !ruby/object:Gem::Dependency
   name: yard-rspec
-  requirement: &23604040 !ruby/object:Gem::Requirement
+  requirement: &22091600 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0.1'
   type: :development
   prerelease: false
-  version_requirements: *23604040
+  version_requirements: *22091600
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &23603320 !ruby/object:Gem::Requirement
+  requirement: &22090920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: 1.0.21
   type: :development
   prerelease: false
-  version_requirements: *23603320
+  version_requirements: *22090920
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &23602620 !ruby/object:Gem::Requirement
+  requirement: &22089700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *23602620
+  version_requirements: *22089700
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &23601780 !ruby/object:Gem::Requirement
+  requirement: &22089180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,7 +98,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *23601780
+  version_requirements: *22089180
 description: Temporary users and groups, rlimits
 email: costan@gmail.com
 executables: []
@@ -116,6 +116,7 @@ files:
 - README.rdoc
 - Rakefile
 - VERSION
+- exec_sandbox.gemspec
 - lib/exec_sandbox.rb
 - lib/exec_sandbox/sandbox.rb
 - lib/exec_sandbox/spawn.rb
@@ -149,7 +150,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3535790192517307381
+      hash: 1718344234877287063
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: