From 721368cd04bfbd03c0d9173fff633ae34f16409a Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 25 Feb 2019 05:14:10 +0000 Subject: spawn: support RLIMIT_CPU, RLIMIT_DATA and RLIMIT_CORE We'll be spawning cgit and git-diff, which can take gigantic amounts of CPU time and/or heap given the right (ermm... wrong) input. Limit the damage that large/expensive diffs can cause. --- lib/PublicInbox/SpawnPP.pm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/PublicInbox/SpawnPP.pm') diff --git a/lib/PublicInbox/SpawnPP.pm b/lib/PublicInbox/SpawnPP.pm index 743db224..8692b767 100644 --- a/lib/PublicInbox/SpawnPP.pm +++ b/lib/PublicInbox/SpawnPP.pm @@ -9,8 +9,8 @@ use warnings; use POSIX qw(dup2 :signal_h); # Pure Perl implementation for folks that do not use Inline::C -sub public_inbox_fork_exec ($$$$$$) { - my ($in, $out, $err, $f, $cmd, $env) = @_; +sub pi_fork_exec ($$$$$$) { + my ($in, $out, $err, $f, $cmd, $env, $rlim) = @_; my $old = POSIX::SigSet->new(); my $set = POSIX::SigSet->new(); $set->fillset or die "fillset failed: $!"; @@ -22,6 +22,11 @@ sub public_inbox_fork_exec ($$$$$$) { $pid = -1; } if ($pid == 0) { + while (@$rlim) { + my ($r, $soft, $hard) = splice(@$rlim, 0, 3); + BSD::Resource::setrlimit($r, $soft, $hard) or + warn "failed to set $r=[$soft,$hard]\n"; + } if ($in != 0) { dup2($in, 0) or die "dup2 failed for stdin: $!"; } -- cgit v1.2.3-24-ge0c7