1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>
int main(int argc, char* argv[])
{
if (argc < 3) {
fprintf(stderr, "usage: %s USERNAME FILE [ARGS...]\n", argv[0]);
return 1;
}
// initialize arguments for the sandboxed command
char** args = malloc((argc-1) * sizeof(char*));
int i;
for (i = 0; i < argc-2; i++)
args[i] = argv[i+2];
args[argc-2] = (char*)0;
// switch user (requires root or "setcap cap_setuid,cap_setgid+ep")
char const* username = argv[1];
struct passwd const* pw = getpwnam(username);
if (!pw) {
fprintf(stderr, "no such user: %s\n", username);
return 1;
}
int ret = 0;
if ((ret = setgid(pw->pw_gid)) != 0)
fprintf(stderr, "setgid returned %d\n", ret);
if ((ret = setuid(pw->pw_uid)) != 0)
fprintf(stderr, "setuid returned %d\n", ret);
// limit CPU time to 1 second
struct rlimit const cpu_limit = { .rlim_cur = 1, .rlim_max = 1 };
if ((ret = setrlimit(RLIMIT_CPU, &cpu_limit)) != 0)
fprintf(stderr, "setrlimit(CPU) returned %d\n", ret);
// don't allow writing files of any size
struct rlimit const fsize_limit = { .rlim_cur = 0, .rlim_max = 0 };
if ((ret = setrlimit(RLIMIT_FSIZE, &fsize_limit)) != 0)
fprintf(stderr, "setrlimit(FSIZE) returned %d\n", ret);
// there will be no fork
struct rlimit const nproc_limit = { .rlim_cur = 0, .rlim_max = 0 };
if ((ret = setrlimit(RLIMIT_NPROC, &nproc_limit)) != 0)
fprintf(stderr, "setrlimit(NPROC) returned %d\n", ret);
return execvp(args[0], args);
}
|