X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=src%2Fbox.c;h=bcfe233f84345b2043d0f4dbe5a22f18c12c8332;hb=3ee84a61340017dccf73f53194cd7ec4c7ec838b;hp=12d3eb58b21f81331fdeffdeb336db2d033c68a7;hpb=283214723416710aaf5d94b9c1e3527fa6f1208e;p=eval.git
diff --git a/src/box.c b/src/box.c
index 12d3eb5..bcfe233 100644
--- a/src/box.c
+++ b/src/box.c
@@ -1,7 +1,7 @@
/*
* A Simple Testing Sandbox
*
- * (c) 2001 Martin Mares
+ * (c) 2001--2004 Martin Mares
*/
#define _LARGEFILE64_SOURCE
@@ -35,6 +35,9 @@ static int use_wall_clock;
static int file_access;
static int verbose;
static int memory_limit;
+static int allow_times;
+static char *redir_stdin, *redir_stdout;
+static char *set_cwd;
static pid_t box_pid;
static int is_ptraced;
@@ -142,7 +145,10 @@ valid_filename(unsigned long addr)
&& !strstr(namebuf, ".."))
return;
if (!strcmp(namebuf, "/dev/null") ||
- !strcmp(namebuf, "/dev/zero"))
+ !strcmp(namebuf, "/dev/zero") ||
+ !strcmp(namebuf, "/proc/meminfo") ||
+ !strcmp(namebuf, "/proc/self/stat") ||
+ !strncmp(namebuf, "/usr/share/zoneinfo/", 20))
return;
}
die("Forbidden access to file `%s'.", namebuf);
@@ -198,9 +204,12 @@ valid_syscall(struct user *u)
case SYS_ftruncate64:
case SYS_fstat64:
case SYS_fcntl:
+ case SYS_fcntl64:
case SYS_mmap:
case SYS_munmap:
case SYS_ioctl:
+ case SYS_uname:
+ case 252:
return 1;
case SYS_time:
case SYS_alarm:
@@ -223,6 +232,7 @@ valid_syscall(struct user *u)
case SYS_mprotect:
case SYS_sigprocmask:
case SYS_getdents:
+ case SYS_getdents64:
case SYS__newselect:
case SYS_fdatasync:
case SYS_mremap:
@@ -237,7 +247,10 @@ valid_syscall(struct user *u)
case SYS_rt_sigqueueinfo:
case SYS_rt_sigsuspend:
case SYS_mmap2:
+ case SYS__sysctl:
return (filter_syscalls == 1);
+ case SYS_times:
+ return allow_times;
default:
return 0;
}
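Review bot: The new `/usr/share/zoneinfo/` prefix test in valid_filename is not paired with the `!strstr(namebuf, "..")` guard that the preceding allow branch in this hunk applies to its own prefix matches, so a path that starts with that prefix and then climbs out with `..` passes the allowlist before the `die()` is reached. The exact-match `strcmp` entries added next to it are unaffected; only the `strncmp` prefix entry is. Change that line to `(!strncmp(namebuf, "/usr/share/zoneinfo/", 20) && !strstr(namebuf, "..")))`, or move the prefix into the earlier guarded list. The literal 20 duplicates the prefix length; `sizeof("/usr/share/zoneinfo/") - 1` keeps the two in step. valid_filename's body starts outside the hunk, so whether namebuf is canonicalized before this point cannot be confirmed here.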
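Review bot: `case 252:` in valid_syscall is a bare syscall number, in a list that otherwise uses `SYS_*` names, and it is allowed unconditionally in every filter mode. Presumably it is exit_group on the i386 ABI that the surrounding cases (`SYS_mmap2`, `SYS_fstat64`, `SYS__newselect`) suggest, missing from the libc headers of the time; on any other architecture the same number is a different call, so a numeric entry in an allowlist is fragile. Name it near the includes with `#ifndef SYS_exit_group` / `#define SYS_exit_group 252 /* i386 only */` / `#endif` and write `case SYS_exit_group:`, or at least comment the literal. The same hunk also allows `SYS_uname` in all modes; a one-word comment on why it is needed would help the next reader. valid_syscall continues outside this hunk.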
@@ -353,7 +366,7 @@ boxkeeper(void)
timeradd(&rus.ru_utime, &rus.ru_stime, &total);
wall = time(NULL) - start_time;
if ((use_wall_clock ? wall : total.tv_sec) > timeout)
- die("Timeout exceeded (after exit).");
+ die("Time limit exceeded (after exit).");
fprintf(stderr, "OK (%d sec real, %d sec wall, %d syscalls)\n", (int) total.tv_sec, wall, syscall_count);
exit(0);
}
@@ -418,8 +431,21 @@ box_inside(int argc, char **argv)
memcpy(args, argv, argc * sizeof(char *));
args[argc] = NULL;
- close(2);
- dup(1);
+ if (set_cwd && chdir(set_cwd))
+ die("chdir: %m");
+ if (redir_stdin)
+ {
+ close(0);
+ if (open(redir_stdin, O_RDONLY) != 0)
+ die("open(\"%s\"): %m", redir_stdin);
+ }
+ if (redir_stdout)
+ {
+ close(1);
+ if (open(redir_stdout, O_WRONLY | O_CREAT | O_TRUNC, 0666) != 1)
+ die("open(\"%s\"): %m", redir_stdout);
+ }
+ dup2(1, 2);
setpgrp();
if (memory_limit)
{
@@ -448,8 +474,11 @@ Options:\n\ -c \tChange directory to first\n\ -e\t\tPass full environment of parent process\n\ -f\t\tFilter system calls (-ff=very restricted)\n\ +-i \tRedirect stdin from \n\ -m \tLimit address space to KB\n\ +-o \tRedirect stdout to \n\ -t
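Review bot: `dup2(1, 2)` in box_inside is unchecked, and because it now runs after the `-o` redirection it sends the child's stderr into the output file, whereas the removed `close(2); dup(1);` tied stderr to the parent's stdout; if merging the two streams is intended, a comment such as `/* stderr follows stdout, including into the -o file */` would make that explicit. The `-o` open uses `O_CREAT | O_TRUNC` on a caller-supplied path; if this sandbox ever runs with privileges that are dropped later in box_inside (not visible in the hunk), the open should come after the drop or the path should be validated, so the option cannot create or truncate files the invoking user could not touch on their own. The `!= 0` / `!= 1` checks rely on the just-closed descriptor being the lowest free one, which holds here but reads as implicit; opening into a temporary fd, checking it, then `dup2()`-ing onto 0 or 1 states the intent directly. box_inside begins and ends outside this hunk.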