/* -*- C -*- * $Id: ocamlbotwrapper.c.in,v 1.4 2007/06/29 21:43:21 rjones Exp $ * SUID wrapper around ocaml program. */ #include #include #include #include #include #include const char *new_environ[] = { "PATH=/usr/bin", NULL }; int main () { struct rlimit lim; /* Don't worry about races here because we're just checking that * the installation looks reasonable. * * Die if the init script does not exist. */ if (access ("@INITSCRIPT@", R_OK) == -1) { perror ("@INITSCRIPT@"); exit (1); } /* Die if the ocaml program does not exist. */ if (access ("@OCAML@", R_OK|X_OK) == -1) { perror ("@OCAML@"); exit (1); } /* Die if the chroot directory does not exist. */ if (access ("@CHROOTDIR@", R_OK|X_OK) == -1) { perror ("@CHROOTDIR@"); exit (1); } /* Set some limits. */ #ifdef RLIMIT_AS lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */ setrlimit (RLIMIT_AS, &lim); #endif #ifdef RLIMIT_CORE lim.rlim_cur = lim.rlim_max = 0; setrlimit (RLIMIT_CORE, &lim); #endif #ifdef RLIMIT_CPU lim.rlim_cur = lim.rlim_max = 10; /* seconds */ setrlimit (RLIMIT_CPU, &lim); #endif #ifdef RLIMIT_MEMLOCK lim.rlim_cur = lim.rlim_max = 0; setrlimit (RLIMIT_MEMLOCK, &lim); #endif #ifdef RLIMIT_MSGQUEUE lim.rlim_cur = lim.rlim_max = 0; setrlimit (RLIMIT_MSGQUEUE, &lim); #endif #ifdef RLIMIT_NOFILE lim.rlim_cur = lim.rlim_max = 10; setrlimit (RLIMIT_NOFILE, &lim); #endif #ifdef RLIMIT_NPROC lim.rlim_cur = lim.rlim_max = 2; setrlimit (RLIMIT_NPROC, &lim); #endif #ifdef RLIMIT_SIGPENDING lim.rlim_cur = lim.rlim_max = 5; setrlimit (RLIMIT_SIGPENDING, &lim); #endif #ifdef RLIMIT_STACK lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */ setrlimit (RLIMIT_STACK, &lim); #endif /* Run the ocaml program with the correct args. */ execle ("@OCAML@", "@OCAML@", "-init", "@INITSCRIPT@", "-noprompt", NULL, new_environ); /* If it failed, die with an error message. */ perror ("@OCAML@"); exit (1); }