Le 4 mai 07 à 09:13, Jan Schütze a écrit :
Hello,
there was something like my problem in the list before [1], but I got
a different problem with this.
Since we want to host different lua-websites on my server, we want to
limit the users' script access to his own directory only.
For Example:
foo
- index.lua
bar
- index.lua
- pass.lua
Currently it is possible with lua to do the following:
io.open([[../bar/pass.lua]]
So an other user is able to access this directory and its content. If
all scripts would run with the same user account, he maybe would be
even able to write the files!
Of course I am aware of the fact that you could use multiple accounts
on windows or chroot on *nix (copying/symlinking the binaries, needed
here), this would be lots of work for admins to create a new user.
The soloution at the post from September 2003 [1] is not what I
wanted, because its possible to overwrite the functions again, or am
I wrong?
Is there any compile option or powerpatch available to add this base
dir limit for scripts?
Hi,
Page 49 in the "Programming in Lua" manual, they give a good example
on how to create sandboxes for your problem.
Page 50 explains what's cool about the given example.
This is a good read, I bought the book and I loved it (and the cover
is cool :)).
--
Bertrand Mansion
Mamasam
