From 29d29f21c7eb9f4a18cff2ed7440d1e61bfc6e08 Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Sun, 4 Jun 2023 06:30:15 -0400
Subject: [PATCH] rlimit: disable fs writes

Use RLIMIT_FSIZE to disable writes to the filesystem when stdout is not
a regular file.
---
 src/restrict_process_rlimit.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/restrict_process_rlimit.c b/src/restrict_process_rlimit.c
index 9dc33f7..a50a911 100644
--- a/src/restrict_process_rlimit.c
+++ b/src/restrict_process_rlimit.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, Michael Santos <michael.santos@gmail.com>
+/* Copyright (c) 2017-2023, Michael Santos <michael.santos@gmail.com>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,6 +15,7 @@
 #ifdef RESTRICT_PROCESS_rlimit
 #include <sys/resource.h>
 #include <sys/time.h>
+#include <unistd.h>
 
 #include "xmppipe.h"
 
@@ -27,6 +28,11 @@ int restrict_process_init(xmppipe_state_t *state) {
 int restrict_process_stdin(xmppipe_state_t *state) {
   struct rlimit rl = {0};
 
+  if (isatty(STDOUT_FILENO)) {
+    if (setrlimit(RLIMIT_FSIZE, &rl_zero) != 0)
+      return -1;
+  }
+
   rl.rlim_cur = RESTRICT_PROCESS_RLIMIT_NOFILE;
   rl.rlim_max = RESTRICT_PROCESS_RLIMIT_NOFILE;