function safe_command($working_dir, $cmd, $args, $limits, $error_out = NULL)
{
// not on windows
if (SystemUtil::is_windows()) {
echo "Security Warning: Runguard doesn't work on windows!\n";
return SystemUtil::run_command($working_dir, $cmd, $args, $error_out);
}
// build command
$actual_cmd = RUNGUARD_PATH;
$actual_args = array();
// time limit
$actual_args[] = "--time=" . (isset($limits['time limit']) ? $limits['time limit'] : 60);
// memory limit
if (isset($limits['memory limit'])) {
$actual_args[] = "--memsize=" . intval($limits['memory limit'] / 1024);
}
// filesize limit
if (isset($limits['filesize limit'])) {
$actual_args[] = "--filesize=" . intval($limits['filesize limit'] / 1024);
}
// process limit
if (isset($limits['process limit'])) {
$actual_args[] = "--nproc=" . $limits['process limit'];
}
// no coredumps
$actual_args[] = "--no-core";
// user
if (isset($limits['as nobody']) && RUNGUARD_USER !== false) {
$actual_args[] = "--user=" . RUNGUARD_USER;
}
// run
$actual_args[] = $cmd;
$actual_args = array_merge($actual_args, $args);
return SystemUtil::run_command($working_dir, $actual_cmd, $actual_args, $error_out);
}
