RE: Restricting file access

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: Restricting file access
From: "Nick Trout" <nick@...>
Date: Thu, 12 Jun 2003 13:51:43 -0700

> I am trying to write a "secure" host program that can run lua 
> scripts.  The 
> program will use PhysicsFS (link below) to restrict file 
> system access to a 
> few directories.  This allows both security and OS abstraction. 
> 
> I guess what I'll need to do is create my own I/O facilities 
> by writing new 
> io.open, io.close, io.flush, os.remove, and os.rename 
> functions that use 
> PhysicsFS functionality.  Perhaps I should also remove the functions 
> os.execute, os.exit, and os.getenv. 
> 
> Are there any other projects like this that I can check out?  
> If not, do you 
> have any suggestions on making my host program secure?  
> Thanks for the help. 

I did a similar thing for Web Lua:
http://doris.sourceforge.net/lua/weblua.php (Lua 4 still)

I disabled the "unsafe" functions by doing something like:

openfile = function() print("unsafe") end

E.g.

Lua script:

openfile()
Run using lua generates:

error: WebLua: Unsafe function openfile
stack traceback:
   1:  function `error' [C]
   2:  function `openfile' at line 6 [file `../../bin/safe.lua']
   3:  main of file `/tmp/wlpAsF1z' at line 2
   4:  function `dof' [C]
   5:  function `dofile' at line 27 [file `../../bin/safe.lua']
   6:  main of file `../../bin/safe.lua' at line 30

If you're building a safe exe you could choose not to add the Lua IO
library to any state created (i.e. just don't open it). Perhaps you
could complete remove io and add a physics library. You can remove
selected functions by repeating the above example, e.g.

os.execute = function() ... end

You can do this on the C side used Web Lua as well - then just copying
the bits you want. Just paste the above into the code box and hit
"lua2c", e.g.

Lua script:

os.execute = function() print("unsafe") end

lua2c generates the following: 
static int MAIN(lua_State *L)
{
 lua_getglobal(L,"os");
 lua_pushstring(L,"execute");
 lua_pushcclosure(L,F1,0);
 lua_settable(L,-2);
 lua_remove(L,-2);
 return 0;
}

static int F1(lua_State *L)
{
 lua_getglobal(L,"print");
 lua_pushstring(L,"unsafe");
 lua_call(L,1,0);
 return 0;
}

/* function prototypes */
static int F1(lua_State *L);

I execute the scripts in a restricted shell, with a timeout of 1-2
seconds and limited memory so noone can abuse it too much - e.g.
infinite loops etc

[mmm I wonder why the counters reset?!]

Nick

Follow-Ups:
- Re: Restricting file access, Enrico Colombini

Prev by Date: Re[2]: Unicode?
Next by Date: Re: Unicode?
Previous by thread: Restricting file access
Next by thread: Re: Restricting file access
Index(es):
- Date
- Thread