function safe_command($working_dir, $cmd, $args, $limits, $error_out = NULL) { // not on windows if (SystemUtil::is_windows()) { echo "Security Warning: Runguard doesn't work on windows!\n"; return SystemUtil::run_command($working_dir, $cmd, $args, $error_out); } // build command $actual_cmd = RUNGUARD_PATH; $actual_args = array(); // time limit $actual_args[] = "--time=" . (isset($limits['time limit']) ? $limits['time limit'] : 60); // memory limit if (isset($limits['memory limit'])) { $actual_args[] = "--memsize=" . intval($limits['memory limit'] / 1024); } // filesize limit if (isset($limits['filesize limit'])) { $actual_args[] = "--filesize=" . intval($limits['filesize limit'] / 1024); } // process limit if (isset($limits['process limit'])) { $actual_args[] = "--nproc=" . $limits['process limit']; } // no coredumps $actual_args[] = "--no-core"; // user if (isset($limits['as nobody']) && RUNGUARD_USER !== false) { $actual_args[] = "--user=" . RUNGUARD_USER; } // run $actual_args[] = $cmd; $actual_args = array_merge($actual_args, $args); return SystemUtil::run_command($working_dir, $actual_cmd, $actual_args, $error_out); }