Check-in [5f6c3928e7]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Increase CPU time, address space, and RSS
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 5f6c3928e70712216678929dcc3de88e953ca2e5
User & Date: rkeene 2020-08-25 15:40:40
Context
2020-08-25
16:04
Log pull output to user check-in: 2e87d644dd user: rkeene tags: trunk
15:40
Increase CPU time, address space, and RSS check-in: 5f6c3928e7 user: rkeene tags: trunk
15:40
Run the fossil symlink check-in: 273501fe4e user: rkeene tags: trunk
Changes

Changes to scripts/fossil-as-user/secure-wrap.c.

129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
	limit.rlim_cur = 10;
	limit.rlim_max = 10;
	check(setrlimit(RLIMIT_NPROC, &limit));

	/**
	 ** Allow a reasonable amount of CPU time
	 **/
	limit.rlim_cur = 90;
	limit.rlim_max = 90;
	check(setrlimit(RLIMIT_CPU, &limit));

	/**
	 ** Allow a reasonable amount of RAM
	 **/
	limit.rlim_cur = 1024 * 1024 * 512LU;
	limit.rlim_max = 1024 * 1024 * 512LU;
	check(setrlimit(RLIMIT_DATA, &limit));
	check(setrlimit(RLIMIT_RSS, &limit));

	limit.rlim_cur = 1024 * 1024 * 16LU;
	limit.rlim_max = 1024 * 1024 * 16LU;
	check(setrlimit(RLIMIT_STACK, &limit));

	limit.rlim_cur = 1024 * 1024 * 1024LU;
	limit.rlim_max = 1024 * 1024 * 1024LU;
	check(setrlimit(RLIMIT_AS, &limit));

	/*
	 * Drop privileges
	 */
	check(setgid(SECURE_WRAP_BASE_ID + id));
	check(setuid(SECURE_WRAP_BASE_ID + id));







|
|





|
|







|
|







129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
	limit.rlim_cur = 10;
	limit.rlim_max = 10;
	check(setrlimit(RLIMIT_NPROC, &limit));

	/**
	 ** Allow a reasonable amount of CPU time
	 **/
	limit.rlim_cur = 300;
	limit.rlim_max = 300;
	check(setrlimit(RLIMIT_CPU, &limit));

	/**
	 ** Allow a reasonable amount of RAM
	 **/
	limit.rlim_cur = 1024 * 1024 * 1024LU;
	limit.rlim_max = 1024 * 1024 * 1024LU;
	check(setrlimit(RLIMIT_DATA, &limit));
	check(setrlimit(RLIMIT_RSS, &limit));

	limit.rlim_cur = 1024 * 1024 * 16LU;
	limit.rlim_max = 1024 * 1024 * 16LU;
	check(setrlimit(RLIMIT_STACK, &limit));

	limit.rlim_cur = 1024 * 1024 * 8192LU;
	limit.rlim_max = 1024 * 1024 * 8192LU;
	check(setrlimit(RLIMIT_AS, &limit));

	/*
	 * Drop privileges
	 */
	check(setgid(SECURE_WRAP_BASE_ID + id));
	check(setuid(SECURE_WRAP_BASE_ID + id));