author | Timotej Lazar <timotej.lazar@fri.uni-lj.si> | 2015-10-14 12:03:21 +0200 |
---|---|---|
committer | Timotej Lazar <timotej.lazar@fri.uni-lj.si> | 2015-10-14 12:13:13 +0200 |
commit | 7ae2d8824ab59dfbda6eaf7f621b6d3bfdec56e7 (patch) | |
tree | 4987e418a54276c43edc20aff395793455f8b843 | |
parent | ee5da92aeffcc3505e2be2efeb1a235ab852709a (diff) |
Add support for command arguments to sandbox
-rw-r--r-- | python/runner/sandbox.c | 17 | ||||
-rw-r--r-- | python/runner/terminator.c | 3 |
2 files changed, 11 insertions, 9 deletions
diff --git a/python/runner/sandbox.c b/python/runner/sandbox.c
index 4576060..7da8dd2 100644
--- a/python/runner/sandbox.c
+++ b/python/runner/sandbox.c
@@ -1,19 +1,23 @@
-#include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
-#include <sys/prctl.h>
+#include <stdlib.h>
 #include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/types.h>
 #include <unistd.h>
 int main(int argc, char* argv[])
 {
 if (argc < 3) {
- fprintf(stderr, "usage: %s USERNAME FILE\n", argv[0]);
+ fprintf(stderr, "usage: %s USERNAME FILE [ARGS...]\n", argv[0]);
 return 1;
 }
+ // initialize arguments for the sandboxed command
+ char** args = malloc((argc-1) * sizeof(char*));
+ int i;
+ for (i = 0; i < argc-2; i++)
+ args[i] = argv[i+2];
+ args[argc-2] = (char*)0;
+
 // switch user (requires root or "setcap cap_setuid,cap_setgid+ep")
 char const* username = argv[1];
 struct passwd const* pw = getpwnam(username);
@@ -42,6 +46,5 @@ int main(int argc, char* argv[])
 if ((ret = setrlimit(RLIMIT_NPROC, &nproc_limit)) != 0)
 fprintf(stderr, "setrlimit(NPROC) returned %d\n", ret);
- char* const args[] = { argv[2], (char*)0 };
- return execvp(argv[2], args);
+ return execvp(args[0], args);
 }
diff --git a/python/runner/terminator.c b/python/runner/terminator.c
index 0706957..9eaca83 100644
--- a/python/runner/terminator.c
+++ b/python/runner/terminator.c
@@ -2,8 +2,7 @@
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
+#include <unistd.h>
 int main(int argc, char* argv[])
 {
 |
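Review bot: The added argument-copy block in sandbox.c writes through the pointer returned by `malloc` without checking it for NULL, and it does so before the "switch user" step, while the launcher still holds its elevated privileges. The copy is not needed at all: the C standard guarantees `argv[argc]` is a null pointer, so `char** args = argv + 2;` is already the NULL-terminated vector that `execvp` expects. With that one line, the loop, the `int i;` declaration and the new `#include <stdlib.h>` can all be dropped, which leaves a privileged helper with no allocation that can fail. main's body continues outside this hunk.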
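Review bot: When `execvp` fails, the changed line `return execvp(args[0], args);` in sandbox.c hands -1 back as main's return value with no diagnostic. The caller then sees exit status 255 and cannot tell a missing or non-executable command from the sandboxed program's own exit code. I would write `execvp(args[0], args); perror("execvp"); return 127;` so the failure is reported with errno and a conventional status. The context lines just above show a failed `setrlimit(RLIMIT_NPROC, ...)` is only printed before control reaches the exec, so the command would run without the process limit. For a sandbox launcher that path should probably `return 1;` instead of continuing. main begins outside this hunk.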