lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Bertrand Mansion schrieb:

Le 4 mai 07 à 09:13, Jan Schütze a écrit :

Hello,

there was something like my problem in the list before [1], but I got a different problem with this.

Since we want to host different lua-websites on my server, we want to limit the users' script access to his own directory only.

For Example:
foo
 - index.lua
bar
 - index.lua
 - pass.lua

Currently it is possible with lua to do the following:
 io.open([[../bar/pass.lua]]

So an other user is able to access this directory and its content. If all scripts would run with the same user account, he maybe would be even able to write the files!

Of course I am aware of the fact that you could use multiple accounts on windows or chroot on *nix (copying/symlinking the binaries, needed here), this would be lots of work for admins to create a new user.

The soloution at the post from September 2003 [1] is not what I wanted, because its possible to overwrite the functions again, or am I wrong? Is there any compile option or powerpatch available to add this base dir limit for scripts?

Hi,

Page 49 in the "Programming in Lua" manual, they give a good example on how to create sandboxes for your problem.
Page 50 explains what's cool about the given example.

This is a good read, I bought the book and I loved it (and the cover is cool :)).
--
Bertrand Mansion
Mamasam
Thanks for the hint.

This makes it really secure (at least for the basic library, modules can do whatever they want, can't they?).

Kind regards,
 Jan (DracoBlue)

--

http://dracoblue.net