secure 1.1.0 → 1.1.1

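--- a/data/README.md
+++ b/data/README.md
@@ -39,6 +39,7 @@ Options:
  * :pipe_stdin, :pipe_stdout, :pipe_stderr => A File to pipe the stdin, out ond stderr to
  * :safe => An integer that represents the new safe mode (default 3)
  * :limit_files => Maximum file descriptor the block can open. If you want to say no files, set this to 0
+ * :limit_procs => Maximum number of processes that the user can create. Set this to 0 if you want to ensure no one forks
 
  Errors:
  =======
@@ -57,7 +58,7 @@ How Does it work:
 
  Known Issues:
  =============
- * :limit_memory does not work on OSX (at least whatever version I use), but it does work on linux
+ * :limit_memory and :limit_procs does not work on OSX (at least whatever version I use), but it does work on linux
  * :pipe_stdout is not tested because of some rspec weirdness
  * A block bound before $SAFE is set sees the old safe value. Refer to this for some clue about the reason why this happens: http://blog.sidu.in/2007/11/ruby-blocks-gotchas.html
  * Stdout cannot be piped to a StringIO. You need to open a unix PIPE. There are two reasons for this. The code runs in a child process, so you need to use and IPC mechanism, and a string IO is not recognized as a file at the C level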
@@ -8,12 +8,13 @@ module Secure
8
8
  @timeout = opts[:timeout]
9
9
  @limit_memory = opts[:limit_memory]
10
10
  @limit_cpu = opts[:limit_cpu]
11
+ @limit_files = opts[:limit_files]
12
+ @limit_procs = opts[:limit_procs]
11
13
  @pipe_stdout = opts[:pipe_stdout]
12
14
  @pipe_stderr = opts[:pipe_stderr]
13
15
  @pipe_stdin = opts[:pipe_stdin]
14
16
  @run_before = opts[:run_before]
15
17
  @safe_value = opts[:safe] || 3
16
- @limit_files = opts[:limit_files]
17
18
  end
18
19
 
19
20
  def guard_threads
@@ -24,6 +25,7 @@ module Secure
24
25
  Process::setrlimit(Process::RLIMIT_AS, @limit_memory) if @limit_memory
25
26
  Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu, 2 + @limit_cpu) if @limit_cpu
26
27
  Process::setrlimit(Process::RLIMIT_NOFILE, @limit_files, @limit_files) if @limit_files
28
+ Process::setrlimit(Process::RLIMIT_NPROC, @limit_procs, @limit_procs) if @limit_procs
27
29
  end
28
30
 
29
31
  def redirect_files
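Review bot: The added `Process::setrlimit(Process::RLIMIT_NPROC, @limit_procs, @limit_procs)` line depends on a limit that the kernel accounts per real user ID, not per process, and that Linux does not enforce for processes holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE (typically root). So `:limit_procs => 0` only stops forking when the child runs as an unprivileged user, and every other process and thread of that user counts toward the same budget. I would put a comment above the line, for example `# RLIMIT_NPROC is per-UID and not enforced for root; run the child as a dedicated unprivileged user`, and repeat the caveat next to the `:limit_procs` option in the README. The method that holds the setrlimit calls starts above this hunk, so whether privileges are dropped before this point cannot be seen from here.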
@@ -1,3 +1,3 @@
1
1
  module Secure
2
- VERSION = "1.1.0"
2
+ VERSION = "1.1.1"
3
3
  end
@@ -94,7 +94,9 @@ module Secure
94
94
 
95
95
  if RUBY_PLATFORM =~ /darwin/
96
96
  pending "should kill a process with too much memory (does not work on OSX)"
97
+ pending "kills a process trying to fork (does not work on OSX)"
97
98
  else
99
+
98
100
  it "should kill a process with too much memory on linux" do
99
101
  response = Runner.new(:limit_memory => 10 * 1024).run do
100
102
  'a' * 10 * 1024
@@ -102,6 +104,17 @@ module Secure
102
104
  response.should_not be_success
103
105
  response.error.should be_a(NoMemoryError)
104
106
  end
107
+
108
+ it "kills a process trying to fork" do
109
+ response = Runner.new(:safe => 0, :limit_procs => 0).run do
110
+ fork do
111
+ exit
112
+ end
113
+ 10
114
+ end
115
+ response.should_not be_success
116
+ response.error.should be_a(ThreadError)
117
+ end
105
118
  end
106
119
 
107
120
  it "kills a process using too much cpu" do
@@ -120,6 +133,7 @@ module Secure
120
133
  response.error.should be_a(Errno::EMFILE)
121
134
  end
122
135
 
136
+
123
137
  it "should not be able to open a file" do
124
138
  response = Runner.new.run do
125
139
  File.open("/etc/passwd")
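Review bot: The new example `kills a process trying to fork` ends with `response.error.should be_a(ThreadError)`, which is the error Ruby raises when it cannot create a thread, so the expectation appears to pin a side effect of RLIMIT_NPROC counting threads rather than showing that the `fork` call itself was refused. As written it would presumably still pass if the block failed before ever reaching `fork`. Once the cause is confirmed, I would add a comment above the expectation such as `# RLIMIT_NPROC also counts threads; the refused fork surfaces as ThreadError`. The example also passes `:safe => 0`, which lowers the default safe level of 3, and a short comment saying why that is needed here would keep readers from copying it into real use.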
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.1.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2011-10-26 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70276562098440 !ruby/object:Gem::Requirement
16
+ requirement: &70151114884720 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '2.6'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70276562098440
24
+ version_requirements: *70151114884720
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rake
27
- requirement: &70276562098020 !ruby/object:Gem::Requirement
27
+ requirement: &70151114884300 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70276562098020
35
+ version_requirements: *70151114884300
36
36
  description: see summary
37
37
  email:
38
38
  - tejas@gja.in