Commit e45c4905 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Respond to Shashi's message that users can cause the parser to go into

an infinite loop rather easily via the NS file TCL hooks. Added a
perl wrapper around parse.tcl called parse-ns, which forks a child to
run the parser. The parser is invoked "nice +10" and the CPU limit for
the child is set to 60 seconds, which should be enough for any parse.
If the limit is exceeded, send email to tbops since this indicates a
big problem or a user being dumb/malicious.
parent c2d104c8
......@@ -1139,6 +1139,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/startexp tbsetup/endexp tbsetup/webstartexp tbsetup/webendexp \
tbsetup/snmpit tbsetup/ns2ir/GNUmakefile \
tbsetup/ns2ir/parse.tcl tbsetup/ns2ir/tb_compat.tcl \
tbsetup/ns2ir/parse-ns \
tbsetup/ns2ir/sim.tcl tbsetup/db2ns \
tbsetup/tbprerun tbsetup/tbswapin tbsetup/tbswapout tbsetup/tbend \
tbsetup/tbreport tbsetup/named_setup tbsetup/exports_setup \
......
......@@ -224,6 +224,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/startexp tbsetup/endexp tbsetup/webstartexp tbsetup/webendexp \
tbsetup/snmpit tbsetup/ns2ir/GNUmakefile \
tbsetup/ns2ir/parse.tcl tbsetup/ns2ir/tb_compat.tcl \
tbsetup/ns2ir/parse-ns \
tbsetup/ns2ir/sim.tcl tbsetup/db2ns \
tbsetup/tbprerun tbsetup/tbswapin tbsetup/tbswapout tbsetup/tbend \
tbsetup/tbreport tbsetup/named_setup tbsetup/exports_setup \
......
......@@ -9,8 +9,8 @@ SUBDIR = tbsetup/ns2ir
include $(OBJDIR)/Makeconf
LIB_STUFF = lanlink.tcl node.tcl sim.tcl tb_compat.tcl null.tcl \
nsobject.tcl traffic.tcl vtype.tcl
LIBEXEC_STUFF = parse.tcl
nsobject.tcl traffic.tcl vtype.tcl parse.tcl
LIBEXEC_STUFF = parse-ns
#
# Force dependencies on the scripts so that they will be rerun through
......
#!/usr/bin/perl -w
use English;
use Getopt::Std;
use BSD::Resource;
use POSIX qw(:signal_h);
#
# Simply a wrapper for the parser. Passes on its arguments to parse.tcl.
#
sub usage()
{
print STDOUT
"Usage: parse-ns [args ...]\n".
"Where options and arguments are those required by parse.tcl\n";
exit(-1);
}
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
#
# Turn off line buffering on output
#
$| = 1;
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin:$TB/libexec:$TB/libexec/ir".
":$TB/libexec/ns2ir:$TB/sbin:$TB/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;
#
# Fork a child process to run the parser in.
#
my $pid = fork();
if (!defined($pid)) {
die("*** $0:\n".
" Could not fork a new process!");
}
#
# Child runs the parser, niced down, and then exits.
#
if (! $pid) {
# Set the CPU limit for us.
setrlimit(RLIMIT_CPU, 60, 60);
# Give parent a chance to react.
sleep(1);
system("nice parse.tcl @ARGV");
exit($? >> 0);
}
#
# Parent waits.
#
waitpid($pid, 0);
#
# If the child was KILLed, then it overran its time limit.
# Send email. Otherwise, exit with result of child.
#
if (($? >> 8) == SIGKILL) {
my $msg = "Overran its CPU limit on 'parse.tcl @ARGV'";
SENDMAIL($TBOPS, "Parser Exceeded CPU Limit", $msg);
print STDERR "Parser Exceeded CPU Limit: 'parse.tcl @ARGV'\n";
exit(15);
}
exit($? >> 8);
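Review bot: In the child branch, `exit($? >> 0)` hands the whole wait status from system() to exit(), and exit codes are truncated to eight bits, so a parser that exits 1 (status 256) makes parse-ns exit 0 and both callers changed in this commit would treat a failed parse as success. The line before it runs `system("nice parse.tcl @ARGV")` as a single string, so any argument containing shell metacharacters is interpreted by /bin/sh instead of being passed to the parser. Running the parser with list-form exec removes the shell and lets the parent read the parser's own wait status, testing the signal with `$? & 127`. The setrlimit() return value should also be checked, since without the limit the wrapper gives no protection. The soft and hard limits are equal, so I assume the kill arrives as SIGKILL rather than SIGXCPU on this platform; that is worth confirming.

```perl
if (! $pid) {
    # Without the limit this wrapper protects nothing, so fail loudly.
    setrlimit(RLIMIT_CPU, 60, 60)
        or die("*** $0:\n    Could not set the CPU limit!\n");
    # … unchanged: sleep(1) …
    # List form keeps the arguments away from the shell; exec lets the
    # parent see the parser's own wait status.
    exec("nice", "parse.tcl", @ARGV);
    die("*** $0:\n    Could not exec parse.tcl: $!\n");
}
# … unchanged: waitpid …
if (($? & 127) == SIGKILL) {
    # … unchanged: mail to $TBOPS, message on STDERR, exit(15) …
}
exit($? >> 8);
```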
......@@ -80,7 +80,7 @@ if (system("/bin/cp", "$tempfile", "$nsfile")) {
# Run parse in impotent mode on the NS file. This has no effect but
# will display any errors.
if (system("parse.tcl -n -a $nsfile") != 0) {
if (system("parse-ns -n -a $nsfile") != 0) {
fatal("NS Parse failed!");
}
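Review bot: `system("parse-ns -n -a $nsfile")` is still a single interpolated string, so the NS file path goes through /bin/sh before it reaches the wrapper, while the `/bin/cp` call named in this hunk's header already uses the list form. I would write `system("parse-ns", "-n", "-a", $nsfile)` here, and likewise `system("parse-ns", $pid, $eid, $nsfile)` at the other call site this commit touches. Where $nsfile is set is outside the hunk, so how much of it a user controls should be confirmed. The enclosing code starts and ends outside the hunk.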
......
......@@ -71,7 +71,7 @@ sub cleanup {
# This setups virt_nodes, virt_names including all IP address calculation
# and tb-* handling.
print "Running parser ... " . TBTimeStamp() . "\n";
if (system("parse.tcl $pid $eid $nsfile")) {
if (system("parse-ns $pid $eid $nsfile")) {
print STDERR "*** Parsing failed.\n";
cleanup();
exit(1);
......