exec_sandbox 0.2.5 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: da350882626e6b7b1dd5c43c57e61f548de41f02
-  data.tar.gz: f37a48991aac1e7a268e5cbd94d35502e87247a9
+  metadata.gz: 09f406c9093bf2a8b3fb29e4eff7fb66440212e4
+  data.tar.gz: d1843fe96b2b322628773e4c492aa30876939bb9
 SHA512:
-  metadata.gz: 6b489c3bf6517a73fd7d720aeb8cf336fc74c27e8346dc87f66a731b20dc1470091652d6cd7cabf780f5f9b498060b59d23b563cc93cea650ef441ef40024bc8
-  data.tar.gz: 0fde6ff96be6c49b0b823240ee9c2557676b2fbe60504a26995d3e6ae584589afcb6c1b711ca9e780131226384ef49843c889dec02c22db1ffc3e065e5249e28
+  metadata.gz: 72dc4cb65baf9b34dd5329ed9d454e7d9ebc38926337122e5ecba16e851fad4100542130f8e91b032f2543278cd96b5247ca67775a1c551bfab63412eb047bed
+  data.tar.gz: 75139dd187ab0dcb646d1257a4101806480ce6b26911beb1084758e89acebeaae505f8bc9723a7f7372fcf28d608f9764a8f36e8c4bce93021fbc6b5770b08d9

data/VERSION

@@ -1 +1 @@
-0.2.5
+0.2.6

data/exec_sandbox.gemspec

@@ -2,15 +2,14 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: exec_sandbox 0.2.5 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "exec_sandbox"
-  s.version = "0.2.5"
+  s.version = "0.2.6"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = "2014-02-05"
+  s.date = "2014-02-06"
   s.description = "Temporary users and groups, rlimits"
   s.email = "costan@gmail.com"
   s.extra_rdoc_files = [
@@ -51,7 +50,7 @@ Gem::Specification.new do |s|
   s.homepage = "http://github.com/pwnall/exec_sandbox"
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "2.1.11"
+  s.rubygems_version = "2.0.14"
   s.summary = "Run foreign binaries using POSIX sandboxing features"
 
   if s.respond_to? :specification_version then

data/lib/exec_sandbox/spawn.rb

@@ -64,7 +64,7 @@ module Spawn
     # Close all file descriptors not in the redirection table.
     redirected_fds = Set.new redirects.map(&:first)
     max_fd = LibC.getdtablesize
-    0.upto(max_fd) do |fd|
+    max_fd.downto 0 do |fd|
       next if redirected_fds.include?(fd)
 
       next if RubyVM.rb_reserved_fd_p(fd) != 0
@@ -164,10 +164,11 @@ module Spawn
   # Maps an internal MRI function that we need.
   module RubyVM
     extend FFI::Library
-    ffi_lib RbConfig::CONFIG['RUBY_SO_NAME']
+    ffi_lib FFI::Library::CURRENT_PROCESS
     begin
       attach_function :rb_reserved_fd_p, [:int], :int
     rescue FFI::NotFoundError
+      p 'Using fd_p emulation'
       # Emulation of internal MRI function.
       #
       # This is a fallback, used in case FFI can't find the MRI function.

data/spec/exec_sandbox/spawn_spec.rb

@@ -1,11 +1,13 @@
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
 
+require 'thread'
+
 describe ExecSandbox::Spawn do
   let(:test_user) { Etc.getlogin }
   let(:test_uid) { Etc.getpwnam(test_user).uid }
   let(:test_gid) { Etc.getpwnam(test_user).gid }
   let(:test_group) { Etc.getgrgid(test_gid).name }
-  
+
   describe '#spawn IO redirection' do
     before do
       @temp_in = Tempfile.new 'exec_sandbox_rspec'
@@ -13,7 +15,7 @@ describe ExecSandbox::Spawn do
       @temp_in.close
       @temp_out = Tempfile.new 'exec_sandbox_rspec'
       @temp_out.close
-      
+
       # Force-creating a 2nd thread to make MRI 1.9.3 crash without our fix.
       @lock = Mutex.new
       @lock.lock
@@ -35,7 +37,7 @@ describe ExecSandbox::Spawn do
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
-      
+
       it 'should write successfully' do
         @temp_out.open
         begin
@@ -45,7 +47,7 @@ describe ExecSandbox::Spawn do
         end
       end
     end
-    
+
     describe 'with paths' do
       before do
         pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
@@ -54,9 +56,28 @@ describe ExecSandbox::Spawn do
         @status = ExecSandbox::Wait4.wait4 pid
       end
 
-      it_behaves_like 'duplicate.rb'        
+      it_behaves_like 'duplicate.rb'
     end
-    
+
+    describe 'with paths and a second thread' do
+      before do
+        @queue = Queue.new
+        @thread = Thread.new { @queue.pop }
+
+        pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
+            {in: @temp_in.path, out: @temp_out.path,
+             err: @temp_out.path}
+        @status = ExecSandbox::Wait4.wait4 pid
+      end
+
+      after do
+        @queue.push 'die'
+        @thread.join
+      end
+
+      it_behaves_like 'duplicate.rb'
+    end
+
     describe 'with file descriptors' do
       before do
         File.open(@temp_in.path, 'r') do |in_io|
@@ -70,24 +91,24 @@ describe ExecSandbox::Spawn do
 
       it_behaves_like 'duplicate.rb'
     end
-    
+
     describe 'without stdout' do
       before do
         pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
                                        {in: @temp_in.path}
         @status = ExecSandbox::Wait4.wait4 pid
       end
-      
+
       it 'should crash' do
         @status[:exit_code].should_not == 0
       end
     end
-    
+
     shared_examples_for 'count.rb' do
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
-      
+
       it 'should write successfully' do
         @temp_out.open
         begin
@@ -122,7 +143,7 @@ describe ExecSandbox::Spawn do
     after do
       File.unlink(@temp_path) if File.exist?(@temp_path)
     end
-    
+
     describe 'with root credentials' do
       before do
         pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
@@ -131,11 +152,11 @@ describe ExecSandbox::Spawn do
         @status = ExecSandbox::Wait4.wait4 pid
         @fstat = File.stat(@temp_path)
       end
-      
+
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
-      
+
       it 'should have the UID set to root' do
         @fstat.uid.should == 0
       end
@@ -147,7 +168,7 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should == "Spawn uid test\n"
       end
     end
-    
+
     describe 'with non-root credentials' do
       before do
         @temp.unlink
@@ -156,18 +177,18 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
-      
+
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
-      
+
       it 'should have the UID set to the test user' do
         File.stat(@temp_path).uid.should == test_uid
       end
       it 'should have the GID set to the test group' do
         File.stat(@temp_path).gid.should == test_gid
       end
-      
+
       it 'should have the correct output' do
         File.read(@temp_path).should == "Spawn uid test\n"
       end
@@ -181,7 +202,7 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
-      
+
       it 'should crash (euid is set correctly)' do
         @status[:exit_code].should_not == 0
       end
@@ -190,7 +211,7 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should_not == "Spawn uid test\n"
       end
     end
-    
+
     describe 'with non-root credentials and a root-owned redirect file' do
       before do
         File.chmod 070, @temp_path
@@ -199,7 +220,7 @@ describe ExecSandbox::Spawn do
             {uid: test_uid, gid: test_gid}
         @status = ExecSandbox::Wait4.wait4 pid
       end
-      
+
       it 'should crash (egid is set correctly)' do
         @status[:exit_code].should_not == 0
       end
@@ -208,28 +229,28 @@ describe ExecSandbox::Spawn do
         File.read(@temp_path).should_not == "Spawn uid test\n"
       end
     end
-    
+
     describe 'with a working directory' do
       before do
         @temp_dir = Dir.mktmpdir 'exec_sandbox_rspec'
         pid = ExecSandbox::Spawn.spawn [bin_fixture(:pwd), @temp_path],
-            {}, {dir: @temp_dir}        
+            {}, {dir: @temp_dir}
         @status = ExecSandbox::Wait4.wait4 pid
       end
       after do
         Dir.rmdir @temp_dir
       end
-      
+
       it 'should not crash' do
         @status[:exit_code].should == 0
       end
-      
+
       it 'should set the working directory' do
         File.read(@temp_path).should == @temp_dir
       end
     end
   end
-  
+
   describe '#spawn resource limits' do
     before do
       @temp = Tempfile.new 'exec_sandbox_rspec'
@@ -239,7 +260,7 @@ describe ExecSandbox::Spawn do
     after do
       File.unlink(@temp_path) if File.exist?(@temp_path)
     end
-    
+
     describe 'buffer.rb with 512 megs' do
       describe 'without limitations' do
         before do
@@ -251,28 +272,28 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
-        
+
         it 'should output 512 megs' do
           File.stat(@temp_path).size.should == 512 * 1024 * 1024
         end
       end
-      
+
       describe 'with 256mb memory limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
               (512 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
-        
+
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
-        
+
         it 'should not have a chance to output data' do
           File.stat(@temp_path).size.should == 0
         end
       end
-      
+
       describe 'with 256mb output limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -280,28 +301,28 @@ describe ExecSandbox::Spawn do
               {file_size: 64 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
-        
+
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
-        
+
         it 'should not output more than 256 megs' do
           File.stat(@temp_path).size.should <= 256 * 1024 * 1024
         end
       end
     end
-    
+
     describe 'buffer.rb with 128 megs' do
       shared_examples_for 'working' do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
-        
+
         it 'should output 128 megs' do
           File.stat(@temp_path).size.should == 128 * 1024 * 1024
         end
       end
-      
+
       describe 'without limitations' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -311,17 +332,17 @@ describe ExecSandbox::Spawn do
 
         it_behaves_like 'working'
       end
-      
+
       describe 'with 256mb memory limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
               (128 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
-        
+
         it_behaves_like 'working'
       end
-      
+
       describe 'with 256mb output limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
@@ -329,12 +350,12 @@ describe ExecSandbox::Spawn do
               {file_size: 256 * 1024 * 1024}
           @status = ExecSandbox::Wait4.wait4 pid
         end
-        
+
         it_behaves_like 'working'
       end
     end
-    
-    
+
+
     describe 'fork.rb' do
       describe 'without limitations' do
         before do
@@ -346,29 +367,29 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
-        
+
         it 'should output 10 +es' do
           File.stat(@temp_path).size.should == 10
         end
       end
-      
+
       describe 'with sub-process limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
               10.to_s], {}, {}, {processes: 4}
           @status = ExecSandbox::Wait4.wait4 pid
         end
-        
+
         it 'should crash' do
           @status[:exit_code].should_not == 0
         end
-        
+
         it 'should output less than 5 +es' do
           File.stat(@temp_path).size.should < 5
         end
       end
     end
-    
+
     describe 'churn.rb' do
       describe 'without limitations' do
         before do
@@ -380,16 +401,16 @@ describe ExecSandbox::Spawn do
         it 'should not crash' do
           @status[:exit_code].should == 0
         end
-        
+
         it 'should run for at least 2 seconds' do
           (@status[:user_time] + @status[:system_time]).should > 2
         end
-        
+
         it 'should output something' do
           File.stat(@temp_path).size.should > 0
         end
       end
-      
+
       describe 'with CPU time limitation' do
         before do
           pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
@@ -404,7 +425,7 @@ describe ExecSandbox::Spawn do
         it 'should run for less than 2 seconds' do
           (@status[:user_time] + @status[:system_time]).should < 2
         end
-        
+
         it 'should not have a chance to output' do
           File.stat(@temp_path).size.should == 0
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: exec_sandbox
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.6
 platform: ruby
 authors:
 - Victor Costan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-05 00:00:00.000000000 Z
+date: 2014-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -179,7 +179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: Run foreign binaries using POSIX sandboxing features