public inbox for cygwin@cygwin.com
From: Patrick Chkoreff <pc@fexl.com>
To: cygwin@cygwin.com
Subject: Re: setrlimit always fails
Date: Fri, 12 Feb 2021 10:11:09 -0500
Message-ID: <efc6c8da-7c22-4c8a-a334-c9803efb0e10@fexl.com>
In-Reply-To: <1c233bc7-401b-568f-36d5-48c4f1d4dcea@cornell.edu>

Ken Brown via Cygwin wrote on 2/11/21 9:06 PM:

> Cygwin's setrlimit only supports a few resources, as you can see in the
> source:
> 
> https://cygwin.com/git/?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/resource.cc;h=97777e9d223466b7635b990d6c9e0bfb9e2e9a46;hb=HEAD#l201

Thank you to all who replied.  Shortly after I sent the email, I did
some more searching and did find some posts to that effect, including
one that said setrlimit was originally added as a stub to support
porting OpenSSH.

Also thank you for the pointer to the source code.

The reason I'm asking about setrlimit is that I'm porting the code for
my functional programming language "Fexl" from Linux to Windows under
Cygwin.  (https://fexl.com)

In that language I have embedded functions limit_time, limit_stack, and
limit_memory which call setrlimit.  Those functions can be used to set
sensible limits before running potentially dangerous code.  It's safe
enough to allow running a program entered by a stranger in a text area
on a web site -- even a program which deliberately tries to use an
unbounded amount of memory.

I don't know if native Windows provides enough to flesh out setrlimit
with the equivalent behavior on Linux, even for my very limited usage
(RLIMIT_CPU, RLIMIT_STACK, RLIMIT_AS).  Therefore the only way for me to
do safe limits in Fexl would be to actually count evaluation steps in my
evaluation loop, and memory usage in my allocation wrapper, and halt the
program if it exceeds any user-imposed limits.

So I would have to check evaluation steps here:

https://github.com/chkoreff/Fexl/blob/956bdf85ff5046ebfa7fe582584fedc6881152db/src/value.c#L137

And check memory usage here:

https://github.com/chkoreff/Fexl/blob/956bdf85ff5046ebfa7fe582584fedc6881152db/src/memory.c#L28

It's either that or deprecate my usage of setrlimit altogether, making
it impossible to protect against runaway execution of potentially
dangerous unvetted code.

I will say that my first attempt at compiling the Linux code under
Cygwin went very well.  The only compiler error was in some code that
calls strptime.  To fix that, I had to use some macros in a sequence
like this:

#ifdef __CYGWIN__
/* Ensure that strptime is accessible. */
#define _XOPEN_SOURCE
#endif

#include <stdint.h>
...
#ifndef __CYGWIN__
/* Ensure that strptime is accessible. */
#define __USE_XOPEN
#endif

#include <time.h>


That seems to be the simplest I can make that.

Thank you to all the Cygwin developers who made this porting effort
possible!


-- Patrick
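
The fallback described in the message above (counting evaluation steps in the evaluation loop and bytes in the allocation wrapper, with no reliance on setrlimit) can be sketched as follows. This is an added example, not code from the message or from the Fexl source. The toy instruction set and every name in it are hypothetical, jump targets are assumed to be valid, and the evaluator returns a status to its caller instead of halting the process.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum status { RUN_OK, RUN_STEP_LIMIT, RUN_MEM_LIMIT };
enum opcode { OP_ALLOC, OP_JUMP, OP_HALT };
struct insn { enum opcode op; size_t arg; };
struct block { struct block *next; };
struct heap { size_t used, max; struct block *live; };

/* Allocation wrapper: charge the budget first, then call malloc. */
static int lim_alloc(struct heap *h, size_t n)
{
    struct block *b;
    if (n > SIZE_MAX - sizeof *b) return 0;   /* size overflow */
    n += sizeof *b;
    if (n > h->max - h->used) return 0;       /* over the user's limit */
    if ((b = malloc(n)) == NULL) return 0;    /* host is out of memory */
    b->next = h->live; h->live = b;
    h->used += n;
    return 1;
}

/* Evaluation loop: a step is charged before each instruction; memory is freed on every exit. */
enum status run(const struct insn *prog, unsigned long max_steps, size_t max_bytes)
{
    struct heap h = { 0, max_bytes, NULL };
    enum status st = RUN_OK;
    unsigned long steps = 0;
    size_t pc = 0;
    while (prog[pc].op != OP_HALT) {
        if (steps++ >= max_steps) { st = RUN_STEP_LIMIT; break; }
        if (prog[pc].op == OP_JUMP) { pc = prog[pc].arg; continue; }
        if (!lim_alloc(&h, prog[pc].arg)) { st = RUN_MEM_LIMIT; break; }
        pc++;
    }
    while (h.live) { struct block *b = h.live; h.live = b->next; free(b); }
    return st;
}

/* Constructed sample programs: busy loop, allocation loop, bounded run. */
static const struct insn spin[] = { {OP_JUMP, 0}, {OP_HALT, 0} };
static const struct insn hog[] = { {OP_ALLOC, 4096}, {OP_JUMP, 0}, {OP_HALT, 0} };
static const struct insn ok[] = { {OP_ALLOC, 4096}, {OP_ALLOC, 4096}, {OP_HALT, 0} };

int main(void)
{
    printf("%d %d %d\n", (int)run(spin, 1000, 65536), (int)run(hog, 1000, 65536), (int)run(ok, 1000, 65536));
    return 0;
}
```
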
