On Sat, Apr 24, 2010 at 9:10 PM, Stuart P. Bentley
<stuart@testtrack4.com> wrote:
Take a look at the way the official Lua live demo is set up.
http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/5.1/demo.tar.gz
If you're on Unix, you can take the same approach (running lua with ulimit -t 1).
On Sat, 24 Apr 2010 13:59:04 -0600, Kriss@XIXs.com <Kriss@xixs.com> wrote:
Hello,
I'm thinking about setting up a sandbox environment for "small
snippets of code" on a server, although function sandboxing of lua
code is easy there are still a couple of areas where evil things can
still be done.
Specifically the act of using a lot of CPU, e.g. infinite loop, or a lot
of MEMORY by, for instance, recursively concatenating strings.
I'm hoping that it might be enough to use debug count hook to catch
runaway loops and gcinfo at these points as a very crude way to keep
an eye on memory. I.e. I'm trying to do this inside lua rather than deal
with it at a system task level although I may decide I have to hook
into the memory allocator and of course there will be more security
wrapped on top of this.
For raw lua code with no libraries exposed this looks possible, and I
am prepared to remove a lot of functions, however.
One of the main problems is the string library. A library that
contains lots of useful functions which I would like to expose and
allow normal lua code to run. This also contains many chances to do bad
things.
Actually one problem is that all strings have access to the string
library via their metatable, how does one prevent this or point it at
a different table, is my only option to modify the main string
library?
Anyway, the main issue I'm thinking of is things like
string.rep(longstring,hugenumber)
Would be something that needs to be stopped since it can chug away for
a long time allocating memory without triggering any debug hooks.
Can anyone help me with examples of other pieces of code that would
also do bad things without triggering any debug hooks?
I'm suspecting that all of the pattern functions in the string library
are just too dangerous, but I'm not sure exactly where :)
Since this is a security problem, anything anyone can think of,
especially something obscure that I am likely to miss, would be great.
Cheers,
For things like endless loops or code that takes too long to complete you might consider putting that code in a separate thread (a la lua lanes). Those threads can easily be killed (for example with a maximum time out value).
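
Added example, not part of the thread: a sketch of the in-Lua approach the original question describes, combining a debug count hook with a filtered string library. The count hook only runs while the VM executes Lua instructions, so C functions such as string.rep need their own bound, and the shared string metatable has to be repointed so that method calls cannot reach the unfiltered library. The names run_sandboxed and safe_string and both limits are assumptions chosen for illustration.

```lua
-- Added example: run_sandboxed, safe_string and both limits are hypothetical.
local MAX_STEPS  = 1e6   -- VM instruction budget per snippet (assumed value)
local MAX_STRLEN = 1e5   -- largest result safe_string.rep will build (assumed value)

-- Filtered copy of the string library: no pattern functions, bounded rep.
local safe_string = {}
for _, name in ipairs{"byte", "char", "len", "lower", "upper", "reverse", "sub"} do
  safe_string[name] = string[name]
end
local real_rep = string.rep
function safe_string.rep(s, n)
  if type(s) ~= "string" or type(n) ~= "number" then error("bad argument to rep", 2) end
  -- Bound n itself as well: repeating "" a huge number of times burns CPU in C.
  if n ~= n or n > MAX_STRLEN or #s * n > MAX_STRLEN then
    error("string too long", 2)
  end
  return real_rep(s, n)
end

-- ("x"):rep(n) resolves through the shared string metatable, not through the
-- snippet's environment, so point its __index at the filtered table.
-- This applies to every string in this Lua state, host code included.
getmetatable("").__index = safe_string

local function run_sandboxed(code)
  if string.byte(code, 1) == 27 then return false, "binary chunk rejected" end
  local env = { string = safe_string, tostring = tostring }  -- no pcall, no debug
  local chunk, err
  if setfenv then                              -- Lua 5.1 / LuaJIT
    chunk, err = loadstring(code, "snippet")
    if chunk then setfenv(chunk, env) end
  else                                         -- Lua 5.2+: text chunks only
    chunk, err = load(code, "snippet", "t", env)
  end
  if not chunk then return false, err end
  -- Abort the snippet once it has executed MAX_STEPS VM instructions.
  debug.sethook(function() error("instruction budget exceeded", 0) end, "", MAX_STEPS)
  local ok, res = pcall(chunk)
  debug.sethook()                              -- clear the hook again
  return ok, res
end

-- Constructed sample snippets:
print(run_sandboxed("while true do end"))
print(run_sandboxed("return ('x'):rep(1e9)"))
print(run_sandboxed("return string.rep('ab', 3)"))
```

Nothing here caps total memory use; that still needs a limit in the memory allocator or at the process level, as discussed in the thread.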