- Subject: RE: Restricting file access
- From: "Nick Trout" <nick@...>
- Date: Thu, 12 Jun 2003 13:51:43 -0700
> I am trying to write a "secure" host program that can run lua scripts. The
> program will use PhysicsFS (link below) to restrict file system access to a
> few directories. This allows both security and OS abstraction.
> I guess what I'll need to do is create my own I/O facilities by writing new
> io.open, io.close, io.flush, os.remove, and os.rename functions that use
> PhysicsFS functionality. Perhaps I should also remove the functions
> os.execute, os.exit, and os.getenv.
> Are there any other projects like this that I can check out? If not, do you
> have any suggestions on making my host program secure?
> Thanks for the help.
I did a similar thing for Web Lua:
http://doris.sourceforge.net/lua/weblua.php (Lua 4 still)
I disabled the "unsafe" functions by doing something like:
openfile = function() print("unsafe") end
Run using lua generates:
error: WebLua: Unsafe function openfile
1: function `error' [C]
2: function `openfile' at line 6 [file `../../bin/safe.lua']
3: main of file `/tmp/wlpAsF1z' at line 2
4: function `dof' [C]
5: function `dofile' at line 27 [file `../../bin/safe.lua']
6: main of file `../../bin/safe.lua' at line 30
If you're building a safe exe you could choose not to add the Lua IO
library to any state created (i.e. just don't open it). Perhaps you
could completely remove io and add a physics library. You can remove
selected functions by repeating the above example, e.g.
os.execute = function() ... end
You can do this on the C side using Web Lua as well, then just copy
the bits you want. Just paste the above into the code box and hit
os.execute = function() print("unsafe") end
lua2c generates the following:
static int MAIN(lua_State *L)
static int F1(lua_State *L)
/* function prototypes */
static int F1(lua_State *L);
I execute the scripts in a restricted shell, with a timeout of 1-2
seconds and limited memory so no one can abuse it too much, e.g.
infinite loops etc.
[mmm I wonder why the counters reset?!]
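An added example (not from this message or from Web Lua) of the same approach in Lua 5.2+: unsafe functions are replaced by stubs that raise an error, the script gets a whitelisted environment instead of the real globals, and io.open is wrapped so it only reaches a base directory. The directory name `sandbox_data` and the helper names are assumptions, and the test script at the bottom is constructed.

```lua
-- Example sandbox (not the original poster's or Web Lua's code), Lua 5.2+.
local BASE_DIR = "sandbox_data"   -- assumed, hypothetical base directory

-- Same idea as overriding openfile above, but raise instead of print so the
-- script cannot silently continue after touching something it should not.
local function unsafe(name)
  return function() error("Sandbox: unsafe function " .. name, 2) end
end

-- Accept only simple relative paths: no leading "/", no drive letter,
-- no backslashes, and no ".." component anywhere.
local function safe_path(path)
  if type(path) ~= "string" or path == "" then return nil end
  if path:sub(1, 1) == "/" or path:match("^%a:") or path:find("\\", 1, true) then
    return nil
  end
  for part in path:gmatch("[^/]+") do
    if part == ".." then return nil end
  end
  return BASE_DIR .. "/" .. path
end

-- Replacement for io.open that is confined to BASE_DIR.
local function restricted_open(path, mode)
  local full = safe_path(path)
  if not full then return nil, "access denied: " .. tostring(path) end
  return io.open(full, mode)
end

-- Whitelisted environment: nothing from _G leaks in unless listed here.
local env = {
  print = print, pairs = pairs, ipairs = ipairs, type = type,
  tostring = tostring, tonumber = tonumber, select = select,
  string = string, table = table, math = math,
  io = { open = restricted_open, write = io.write },
  os = {
    time = os.time, clock = os.clock, date = os.date,
    execute = unsafe("os.execute"), exit = unsafe("os.exit"),
    getenv = unsafe("os.getenv"), remove = unsafe("os.remove"),
    rename = unsafe("os.rename"),
  },
}

-- Load as text only ("t" rejects precompiled bytecode) with env bound.
local function run_untrusted(code, name)
  local chunk, err = load(code, name or "=untrusted", "t", env)
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed checks: the stub refuses os.execute, the wrapper refuses "..".
print(run_untrusted('os.execute("echo hi")'))
print(run_untrusted('return io.open("../secret.txt")'))
```

CPU time and memory still have to be bounded outside the interpreter, as the message notes, since a whitelisted environment does nothing about an infinite loop.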