From 721368cd04bfbd03c0d9173fff633ae34f16409a Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 25 Feb 2019 05:14:10 +0000 Subject: spawn: support RLIMIT_CPU, RLIMIT_DATA and RLIMIT_CORE We'll be spawning cgit and git-diff, which can take gigantic amounts of CPU time and/or heap given the right (ermm... wrong) input. Limit the damage that large/expensive diffs can cause. --- t/spawn.t | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 't') diff --git a/t/spawn.t b/t/spawn.t index db3f2dc9..5abedc96 100644 --- a/t/spawn.t +++ b/t/spawn.t @@ -92,6 +92,24 @@ use PublicInbox::Spawn qw(which spawn popen_rd); isnt($?, 0, '$? set properly: '.$?); } +SKIP: { + eval { + require BSD::Resource; + defined(BSD::Resource::RLIMIT_CPU()) + } or skip 'BSD::Resource::RLIMIT_CPU missing', 3; + my ($r, $w); + pipe($r, $w) or die "pipe: $!"; + my $cmd = ['sh', '-c', 'while true; do :; done']; + my $opt = { RLIMIT_CPU => [ 1, 1 ], RLIMIT_CORE => 0, 1 => fileno($w) }; + my $pid = spawn($cmd, undef, $opt); + close $w or die "close(w): $!"; + my $rset = ''; + vec($rset, fileno($r), 1) = 1; + ok(select($rset, undef, undef, 5), 'child died before timeout'); + is(waitpid($pid, 0), $pid, 'XCPU child process reaped'); + isnt($?, 0, 'non-zero exit status'); +} + done_testing(); 1; -- cgit v1.2.3-24-ge0c7