
2010/1/20 ingmar wirths <ingmania@googlemail.com>
2010/1/19 Rob Kendrick <rjek@rjek.com>:
> On Tue, 19 Jan 2010 17:49:47 +0100
> ingmar wirths <ingmania@googlemail.com> wrote:
>
>> > The idea is that if a Lua function can't see another Lua function,
>> > it can't call it, and it can't magic up a reference to it (unless
>> > you expose the debug interface, of course. :)
>>
>> All right, but since these restrictions are all implemented in lua, how
>> can i enforce them, given that the user should be permitted to modify
>> his ai? From the point of my limited knowledge so far, i guess the
>> user could trivially escape from a sandbox, by just rewriting
>> everything. Am i missing something here?
>
> Because to /create/ the sandbox requires the calling of functions that
> must be written in C and are included by default.  You simply don't put
> those functions in your sand box.
>
> Trivial example:
>
>        function sandboxed_function()
>                print "hello, world!"
>        end
>
>        setfenv(sandboxed_function, { print = print })
>
>        sandboxed_function()
>
> Try altering the body of sandboxed_function as much as you like, the
> only thing it'll be able to call is print.

But when i permit the user to modify the ai, he could simply remove the line

   setfenv(sandboxed_function, { print = print })

How can i prevent this?
I guess basically, i'll permit the user only to modify certain
functions (as you suggested with 'sandboxed_function'), but not the
whole lua state.(?)

hm.. actually, i would like to permit the user to introduce new functions at his
caprice. Can i still put them in a sandbox automatically somehow?

You do that when you load their code:

code = loadfile ( "path/to/users.lua" ) -- Load user's code
setfenv ( code , { print = print } ) -- Sandbox user code
code ( ) -- Run user's code

^^ You load the user's script/code like this. You can do a similar thing from the C API too.
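
An added example (not part of the original messages) of the load-time approach from the reply above, for Lua 5.1: the host applies setfenv to the loaded chunk, so the sandboxing call is never in the user's file to be removed, and functions the user defines inherit the same environment. run_sandboxed, make_env and the two sample scripts are assumptions constructed for illustration.

```lua
-- Added example for Lua 5.1 (setfenv/loadstring are gone in 5.2+).
-- run_sandboxed, make_env and the sample scripts are hypothetical.

-- Copy library tables so user code cannot alter the host's own copies.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

local function make_env()
  return {
    print = print, pairs = pairs, ipairs = ipairs, tostring = tostring,
    math = copy(math), table = copy(table),
    -- deliberately absent: setfenv, getfenv, loadstring, loadfile, dofile,
    -- require, io, os, debug, package, _G
  }
end

local function run_sandboxed(source, chunkname)
  -- Precompiled chunks start with ESC (27); accept source text only.
  if source:byte(1) == 27 then
    return false, "bytecode rejected"
  end
  local chunk, err = loadstring(source, chunkname)
  if not chunk then return false, err end
  local env = make_env()
  setfenv(chunk, env)            -- applied by the host, outside user control
  local ok, runerr = pcall(chunk)
  if not ok then return false, runerr end
  return true, env               -- globals the user defined end up in env
end

-- Constructed user script: introduces a new function and calls it.
local ok, env = run_sandboxed([[
  function think(n) return math.floor(n / 2) end
  print("think(9) =", think(9))
]], "=user_ai")
assert(ok and getfenv(env.think) == env)  -- new function inherits the sandbox

-- Constructed user script that reaches for something not in the whitelist.
local ok2, err2 = run_sandboxed([[ local g = getfenv(0) ]], "=user_ai")
assert(not ok2)
print(err2)
```

String methods stay reachable through the string metatable even though `string` is not in the environment, and nothing here limits CPU time or memory.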