[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: sandboxing turns into pain in the ...
- From: "mr. Aleph" <mraleph@...>
- Date: Tue, 07 Mar 2006 12:36:51 +0600
Lets consider sandboxing require, here is problems we will encounter:
0. We can't do setfenv(require, sandbox), because it'll break global
require. So we need a way to clone functions.
1. require uses registry to store loaded packages, so setfenv(require,
sandbox) won't protect our package.loaded
2. We need to sandbox loaders (as well as already loaded packages).
Here problems we will encounter:
2.1. CFunctions' globals are globals, LuaFunction's globals are
environment variables. (Have you ever heard about this malicious
difference? OP_GETGLOBAL?! Ha-Ha.). So we need to use different approaches.
2.2. Callee does not inherit environment of caller. (Ah, you've
already sandboxed only caller? Now go and sandbox its children)
I worshiped design of Lua. Today I hate it (at least this
`environment' vs `global' problem).
I'm ready to listen all your thoughts.
P.S. Of cause we can use some tricks to save our souls. For example
modify couroutine.create to take table as second parameter and
lua_replace globals with this table. This trick can help you with some
cfunctions (but not lua ones, globals are not globals for them, do you
remember?). But such aberrations as require will bypass...