lua-l archive

Luiz Henrique de Figueiredo wrote:

> >While a string compiled with loadstring() is evaluated in a safe sandbox,
> >functions that are called from that chunk could freely refer to globals,
> >like os.execute. Right?

> No. See the program below, which is what I think you're trying to achieve.
No? Seems like you're saying the same thing as I did.
Maybe I just failed to communicate my understanding clearly.

> Note that a simple "return" suffices in loadstring. (In production code,
> you have to check whether loadstring returns nil, of course.)
Yep. I do.

>  function sandbox(env, f, ...)
>   local g = getfenv(f)
>   setfenv(f, env)
>   local retval = f(unpack(arg))
>   setfenv(f, g)
>   return retval
>  end

>  function run(B,s)
>   local f=loadstring("return "..s)
>   print(sandbox(B, f))
>  end

>  DATE=10
>  B={ DATE=20, print=print, }
>  run(B,"DATE")
>  run(B,"os.execute'date'")

I meant something like this:

function cheat() os.execute'date +%x' end

DATE=10
B={ DATE=20, print=print, cheat=cheat}
run(B,"DATE")
run(B,"cheat()")


Therefore, sandbox is safe as long as functions
that I put into its env. are safe. This is probably not a problem,
since I know what functions are in that env.

Still, it'd be nice to be able to restrict env. of the functions like
cheat.

-- 
 Best regards, Максим Ищенко.
 Chief Software Engineer, ЗАО "Мальва".
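
The point raised in the message above, as an added example that is not part of the original post: a Lua function placed into the sandbox table keeps its own environment, and rebinding it with setfenv confines its global lookups as well. It assumes Lua 5.1 (setfenv, loadstring, debug.getinfo); `expose` and `probe` are hypothetical names, and `probe` is a harmless stand-in for `cheat`.

```lua
-- Added example for Lua 5.1; `expose` and `probe` are hypothetical names.

-- Compile an expression, bind the chunk to env, and run it protected.
local function run(env, s)
  local f, err = loadstring("return " .. s)
  if not f then return false, err end   -- compile error
  setfenv(f, env)
  return pcall(f)
end

-- Stand-in for the post's cheat(): reports whether it can see global `os`.
-- It calls no global function, so it still runs under an empty environment.
function probe() return os ~= nil end

-- Put host functions into env. Lua functions are rebound to env so that
-- their own global lookups resolve there too. setfenv raises an error on
-- C functions, so those are passed through unchanged and have to be
-- vetted by hand before they are exposed.
local function expose(env, fns)
  for name, fn in pairs(fns) do
    if debug.getinfo(fn, "S").what ~= "C" then
      setfenv(fn, env)  -- affects every caller of fn, not only the sandbox
    end
    env[name] = fn
  end
  return env
end

-- Case 1: probe is only referenced from the sandbox table, so it keeps
-- the host's global environment and still sees `os`.
local B = { DATE = 20, probe = probe }
print(run(B, "probe()"))

-- Case 2: probe is rebound to the sandbox table, so `os` is nil inside it,
-- just as it is for the chunk itself.
local C = expose({ DATE = 20 }, { probe = probe })
print(run(C, "probe()"))
print(run(C, "os"))
```

setfenv only redirects global lookups: a function that captured `os` or `os.execute` in a local upvalue before being exposed still reaches it, so upvalues need to be reviewed separately.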