Limit user programs to one process

[gruntmaster-daemon.git] / gruntmaster-exec

diff --git a/gruntmaster-exec b/gruntmaster-exec
index dec8be38835c02ed0913078584cce3c1aee16b03..319671e2aa8153e5aa88bca254618616ed2bf491 100755 (executable)
--- a/gruntmaster-exec
+++ b/gruntmaster-exec
@@ -18,8 +18,11 @@ use constant +{
        DIED => 5,
        REJ => 10,
 };
+# These constants are changed by ex/makevm
+use constant USER => 65534;
+use constant GROUP => 65534;
 
-use BSD::Resource qw/setrlimit RLIMIT_AS RLIMIT_FSIZE/;
+use BSD::Resource qw/setrlimit RLIMIT_AS RLIMIT_FSIZE RLIMIT_NPROC/;
 use IPC::Signal qw/sig_name sig_num/;
 use sigtrap qw/XFSZ/;
 
@@ -27,7 +30,7 @@ use Getopt::Long;
 use POSIX qw//;
 use Time::HiRes qw/alarm/;
 
-my (@fds, $timeout, $mlimit, $olimit);
+my (@fds, $timeout, $mlimit, $olimit, $nobody);
 my $close = 1;
 
 GetOptions(
@@ -36,6 +39,7 @@ GetOptions(
        "mlimit=i"  => \$mlimit,
        "olimit=i"  => \$olimit,
        "close!"    => \$close,
+       "nobody!"   => \$nobody,
 );
 
 my $ret = fork // die 'Cannot fork';
@@ -69,8 +73,9 @@ if ($ret) {
        %ENV = (ONLINE_JUDGE => 1, PATH => $ENV{PATH}, HOME => $ENV{HOME});
        setrlimit RLIMIT_AS, $mlimit, $mlimit or die $! if $mlimit;
        setrlimit RLIMIT_FSIZE, $olimit, $olimit or die $! if $olimit;
-       POSIX::setgid 65534; # Set group id to nogroup
-       POSIX::setuid 65534; # Set user id to nobody
+       setrlimit RLIMIT_NPROC, 1, 1 or die $! if $nobody;
+       POSIX::setgid $nobody ? 65534 : USER;
+       POSIX::setuid $nobody ? 65534 : GROUP;
        exec @ARGV;
 }