- Subject: Re: Implementing a simple sandbox -- another quirk
- From: Max Ischenko <max@...>
- Date: Wed, 25 Jun 2003 09:15:49 +0300
Luiz Henrique de Figueiredo wrote:
> >While string compiled with loadstring() is evaluated in a safe sandbox,
> >functions that are called from that chunk could freely refer to globals,
> >like os.execute. Right?
> No. See the program below, which is what I think you're trying to achieve.
No? Seems like you're saying the same thing as I did.
Maybe I just failed to communicate my understanding clearly.
> Note that a simple "return" suffices in loadstring. (In production code,
> you have to check whether loadstring returns nil, of course.)
Yep. I do.
> function sandbox(env, f, ...)
>     local g = getfenv(f)
>     setfenv(f, env)
>     local retval = f(unpack(arg))
>     setfenv(f, g)
>     return retval
> end
> function run(B,s)
>     local f=loadstring("return "..s)
>     print(sandbox(B, f))
> end
> DATE=10
> B={ DATE=20, print=print, }
> run(B,"DATE")
> run(B,"os.execute'date'")
I meant something like this:
function cheat() os.execute'date +%x' end
DATE=10
B={ DATE=20, print=print, cheat=cheat}
run(B,"DATE")
run(B,"cheat()")
Therefore, sandbox is safe as long as functions
that I put into its env. are safe. This is probably not a problem,
since I know what functions are in that env.
Still, it'd be nice to be able to restrict env. of the functions like
cheat.
--
Best regards, Maxim Ischenko.
Lead Software Engineer, ZAO "Malva".
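
Added example, not part of the original message or thread: one way to restrict the environment of exported functions like cheat, by calling setfenv on each of them before placing it in the sandbox table. It assumes Lua 5.0/5.1 (setfenv/getfenv were removed in 5.2); export, cheat2 and saved_os are hypothetical names, and os.date stands in for the message's os.execute call.

```lua
-- Added example, not code from the thread. Assumes Lua 5.0/5.1.

-- Run the expression s with env as its global table; returns pcall's results.
local function run(env, s)
  local f, err = loadstring("return " .. s)
  if not f then return false, err end   -- s did not compile
  setfenv(f, env)                       -- fresh chunk, nothing to restore
  return pcall(f)
end

-- Hypothetical helper: copy host functions into env and point each one's
-- global lookups at env. Intended for functions written in Lua. setfenv
-- alters the function itself, so host code calling it is restricted too.
local function export(env, funcs)
  for name, fn in pairs(funcs) do
    setfenv(fn, env)
    env[name] = fn
  end
  return env
end

-- Reaches os through a global lookup (os.date is a harmless stand-in).
function cheat() return os.date("%x") end

-- Reaches os through an upvalue; setfenv does not touch upvalues.
local saved_os = os
function cheat2() return saved_os.date("%x") end

DATE = 10
local B = export({ DATE = 20 }, { cheat = cheat, cheat2 = cheat2 })

print(run(B, "DATE"))      -- the chunk sees B.DATE, not the host's DATE
print(run(B, "cheat()"))   -- fails: cheat can no longer resolve the global os
print(run(B, "cheat2()"))  -- succeeds: the captured upvalue still reaches os
```

The cheat2 case is the limit of this approach: a function's environment only governs its global lookups, so anything it captured as an upvalue has to be audited separately.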