[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Limit scripts access to directory only
- From: Bertrand Mansion <golgote@...>
- Date: Fri, 4 May 2007 10:16:16 +0200
Le 4 mai 07 à 09:13, Jan Schütze a écrit :
Hello,
there was something like my problem in the list before [1], but I
got a different problem with this.
Since we want to host different lua-websites on my server, we want
to limit the users' script access to his own directory only.
For Example:
foo
- index.lua
bar
- index.lua
- pass.lua
Currently it is possible with lua to do the following:
io.open([[../bar/pass.lua]]
So an other user is able to access this directory and its content.
If all scripts would run with the same user account, he maybe would
be even able to write the files!
Of course I am aware of the fact that you could use multiple
accounts on windows or chroot on *nix (copying/symlinking the
binaries, needed here), this would be lots of work for admins to
create a new user.
The soloution at the post from September 2003 [1] is not what I
wanted, because its possible to overwrite the functions again, or
am I wrong?
Is there any compile option or powerpatch available to add this
base dir limit for scripts?
Hi,
Page 49 in the "Programming in Lua" manual, they give a good example
on how to create sandboxes for your problem.
Page 50 explains what's cool about the given example.
This is a good read, I bought the book and I loved it (and the cover
is cool :)).
--
Bertrand Mansion
Mamasam
Work : http://www.mamasam.com
Blog : http://golgote.freeflux.net
