executor: add setuid sandbox for openbsd

* executor/common_bsd: add setuid sandbox Fixes #833 cc @mptre * Reduced duplications, resolved TODO.
author: Greg Steuck <blackgnezdo@gmail.com> 2018-12-10 02:20:16 -0800
committer: Dmitry Vyukov <dvyukov@google.com> 2018-12-10 11:20:16 +0100
commit: 6565f24da9f4eb36702339ba290213995fcc902f (patch)
tree: e1e14f1299c8ce54fa8098b2226e80cdccdf1c45 /executor/executor_bsd.h
parent: 96cc4c50c3e0bd42e1a0ebad8539fc6734b60ecf (diff)
1 files changed, 0 insertions, 19 deletions
diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h
index 7119a3992..8f364ca13 100644
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@@ -21,25 +21,6 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
 
 	if (mmap(data, data_size, prot, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
 		fail("mmap of data segment failed");
-
-	// Some minimal sandboxing.
-	// TODO: this should go into common_bsd.h because csource needs this too.
-	struct rlimit rlim;
-#if GOOS_netbsd
-	// This causes frequent random aborts on netbsd. Reason unknown.
-	rlim.rlim_cur = rlim.rlim_max = 128 << 20;
-	setrlimit(RLIMIT_AS, &rlim);
-#endif
-	rlim.rlim_cur = rlim.rlim_max = 8 << 20;
-	setrlimit(RLIMIT_MEMLOCK, &rlim);
-	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
-	setrlimit(RLIMIT_FSIZE, &rlim);
-	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
-	setrlimit(RLIMIT_STACK, &rlim);
-	rlim.rlim_cur = rlim.rlim_max = 0;
-	setrlimit(RLIMIT_CORE, &rlim);
-	rlim.rlim_cur = rlim.rlim_max = 256; // see kMaxFd
-	setrlimit(RLIMIT_NOFILE, &rlim);
 }
 
 static long execute_syscall(const call_t* c, long a[kMaxArgs])
author	Greg Steuck <blackgnezdo@gmail.com>	2018-12-10 02:20:16 -0800
committer	Dmitry Vyukov <dvyukov@google.com>	2018-12-10 11:20:16 +0100
commit	6565f24da9f4eb36702339ba290213995fcc902f (patch)
tree	e1e14f1299c8ce54fa8098b2226e80cdccdf1c45 /executor/executor_bsd.h
parent	96cc4c50c3e0bd42e1a0ebad8539fc6734b60ecf (diff)