summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--python/runner/sandbox.c17
-rw-r--r--python/runner/terminator.c3
2 files changed, 11 insertions, 9 deletions
diff --git a/python/runner/sandbox.c b/python/runner/sandbox.c
index 4576060..7da8dd2 100644
--- a/python/runner/sandbox.c
+++ b/python/runner/sandbox.c
@@ -1,19 +1,23 @@
-#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
-#include <sys/prctl.h>
+#include <stdlib.h>
#include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/types.h>
#include <unistd.h>
int main(int argc, char* argv[])
{
if (argc < 3) {
- fprintf(stderr, "usage: %s USERNAME FILE\n", argv[0]);
+ fprintf(stderr, "usage: %s USERNAME FILE [ARGS...]\n", argv[0]);
return 1;
}
+ // initialize arguments for the sandboxed command
+ char** args = malloc((argc-1) * sizeof(char*));
+ int i;
+ for (i = 0; i < argc-2; i++)
+ args[i] = argv[i+2];
+ args[argc-2] = (char*)0;
+
// switch user (requires root or "setcap cap_setuid,cap_setgid+ep")
char const* username = argv[1];
struct passwd const* pw = getpwnam(username);
@@ -42,6 +46,5 @@ int main(int argc, char* argv[])
if ((ret = setrlimit(RLIMIT_NPROC, &nproc_limit)) != 0)
fprintf(stderr, "setrlimit(NPROC) returned %d\n", ret);
- char* const args[] = { argv[2], (char*)0 };
- return execvp(argv[2], args);
+ return execvp(args[0], args);
}
diff --git a/python/runner/terminator.c b/python/runner/terminator.c
index 0706957..9eaca83 100644
--- a/python/runner/terminator.c
+++ b/python/runner/terminator.c
@@ -2,8 +2,7 @@
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
+#include <unistd.h>
int main(int argc, char* argv[])
{