Revert "executor: add setuid sandbox for openbsd"

This reverts commit 6565f24da9f4eb36702339ba290213995fcc902f.
author: Greg Steuck <gnezdo@google.com> 2018-12-10 10:16:29 -0800
committer: Dmitry Vyukov <dvyukov@google.com> 2018-12-10 20:09:24 +0100
commit: 4093e33b1338f274ae0062f555de9d6af8640d61 (patch)
tree: a3704d75a99b39019d7c545038a6cb5c544a35b9 /executor/executor_bsd.h
parent: 28bd3e371b1f31cb243f0df56b9c7720971a89db (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h
index 8f364ca13..7119a3992 100644
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@@ -21,6 +21,25 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
 
 	if (mmap(data, data_size, prot, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
 		fail("mmap of data segment failed");
+
+	// Some minimal sandboxing.
+	// TODO: this should go into common_bsd.h because csource needs this too.
+	struct rlimit rlim;
+#if GOOS_netbsd
+	// This causes frequent random aborts on netbsd. Reason unknown.
+	rlim.rlim_cur = rlim.rlim_max = 128 << 20;
+	setrlimit(RLIMIT_AS, &rlim);
+#endif
+	rlim.rlim_cur = rlim.rlim_max = 8 << 20;
+	setrlimit(RLIMIT_MEMLOCK, &rlim);
+	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
+	setrlimit(RLIMIT_FSIZE, &rlim);
+	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
+	setrlimit(RLIMIT_STACK, &rlim);
+	rlim.rlim_cur = rlim.rlim_max = 0;
+	setrlimit(RLIMIT_CORE, &rlim);
+	rlim.rlim_cur = rlim.rlim_max = 256; // see kMaxFd
+	setrlimit(RLIMIT_NOFILE, &rlim);
 }
 
 static long execute_syscall(const call_t* c, long a[kMaxArgs])
author	Greg Steuck <gnezdo@google.com>	2018-12-10 10:16:29 -0800
committer	Dmitry Vyukov <dvyukov@google.com>	2018-12-10 20:09:24 +0100
commit	4093e33b1338f274ae0062f555de9d6af8640d61 (patch)
tree	a3704d75a99b39019d7c545038a6cb5c544a35b9 /executor/executor_bsd.h
parent	28bd3e371b1f31cb243f0df56b9c7720971a89db (diff)