lua-users home
lua-l archive


> I am trying to write a "secure" host program that can run lua scripts.  The
> program will use PhysicsFS (link below) to restrict file system access to a
> few directories.  This allows both security and OS abstraction.
> I guess what I'll need to do is create my own I/O facilities by writing new
> , io.close, io.flush, os.remove, and os.rename functions that use
> PhysicsFS functionality.  Perhaps I should also remove the functions
> os.execute, os.exit, and os.getenv.
> Are there any other projects like this that I can check out?  If not, do you
> have any suggestions on making my host program secure?
> Thanks for the help.

I did a similar thing for Web Lua: (Lua 4 still)

I disabled the "unsafe" functions by doing something like:

openfile = function() print("unsafe") end


Lua script:

Run using lua generates:

error: WebLua: Unsafe function openfile
stack traceback:
   1:  function `error' [C]
   2:  function `openfile' at line 6 [file `../../bin/safe.lua']
   3:  main of file `/tmp/wlpAsF1z' at line 2
   4:  function `dof' [C]
   5:  function `dofile' at line 27 [file `../../bin/safe.lua']
   6:  main of file `../../bin/safe.lua' at line 30

If you're building a safe exe you could choose not to add the Lua IO
library to any state created (i.e. just don't open it). Perhaps you
could completely remove io and add a physics library. You can remove
selected functions by repeating the above example, e.g.

os.execute = function() ... end

You can do this on the C side using Web Lua as well - then just copy
the bits you want. Just paste the above into the code box and hit
"lua2c", e.g.

Lua script:

os.execute = function() print("unsafe") end

lua2c generates the following:

static int MAIN(lua_State *L)
{
 return 0;
}

static int F1(lua_State *L)
{
 return 0;
}

/* function prototypes */
static int F1(lua_State *L);

I execute the scripts in a restricted shell, with a timeout of 1-2
seconds and limited memory so no one can abuse it too much - e.g.
infinite loops etc.

[mmm I wonder why the counters reset?!]
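A whitelist-style version of the approach discussed in this thread (never open io, leave os.execute/os.exit/os.getenv out, bound run time), written here as an added example rather than Web Lua's or the poster's code; it assumes Lua 5.2 or later for load's environment argument, which Lua 4 did not have.

```lua
-- Added example (not from the original post): whitelist sandbox for Lua 5.2+.
-- Rather than blacklisting os.execute and friends, the untrusted chunk only
-- sees the functions listed here; io and most of os are simply absent, so
-- there is nothing to "forget" to remove. A count hook bounds CPU time.
local function make_env()
  local env = {
    assert = assert, error = error, ipairs = ipairs, pairs = pairs,
    next = next, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, unpack = table.unpack,
    math = math, string = string, table = table,
    -- only the harmless parts of os; execute/exit/getenv/remove/rename are gone
    os = { time = os.time, clock = os.clock, date = os.date },
    -- io is deliberately absent; a host would install a PhysicsFS-backed
    -- table under this name instead
  }
  env._G = env
  return env
end

-- Run untrusted source text with the restricted env and an instruction budget.
-- Returns ok, result_or_error (like pcall). "t" forbids precompiled bytecode,
-- which can bypass the environment. Memory limits still belong to the host
-- (lua_setallocf or OS rlimits), as the original poster does with a shell.
local function run_sandboxed(src, max_instructions)
  local chunk, err = load(src, "=sandbox", "t", make_env())
  if not chunk then return false, err end
  local co = coroutine.create(chunk)
  debug.sethook(co, function() error("instruction budget exceeded", 2) end,
                "", max_instructions)
  return coroutine.resume(co)
end

-- Constructed test scripts (not real user input).
local scripts = {
  benign   = "return 6 * 7",
  escape   = "return os.execute('id')",        -- os.execute is nil in env
  io_probe = "return io.open('/etc/passwd')",  -- io itself is nil in env
  spin     = "while true do end",              -- stopped by the count hook
}
for name, src in pairs(scripts) do
  local ok, res = run_sandboxed(src, 100000)
  print(name, ok, res)
end
```

Only "benign" resumes with ok == true; the other three return false with the error message, without the sandbox ever touching io or the shell.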