lua-users home
lua-l archive



Hi,
I'm completely new to Lua, but loving it already. However, I've been
having issues with sandboxing the environment for an embedded C++
project. Clearly I'm doing it wrong, but I haven't been able to find
information online about the right way to do it.

Basically, my C++ engine is going to use Lua scripts for some of its
configuration and program logic, and I'm trying to force the scripts
into a sandbox using the method outlined here:
http://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox/6982080#6982080

Of course, this method works well if you're dealing in pure Lua, but
I'm trying to use the Lua C API's luaL_dostring() function to load the
script. How I do this is I make a string containing the Lua code for
setting _ENV = my_whitelist_table, then I concatenate it to the front
of a string containing the actual Lua script I want to run in the
sandbox. The problem is, as soon as I assign my whitelist to _ENV,
something seems to break because I can't access any of the variables
or functions defined in the script from C++ after luaL_dostring()
finishes running. If I ditch the sandboxing and just run the script
(without changing _ENV), I can push and retrieve globals from the
stack, but after changing _ENV, all the globals are nil as soon as the
string of Lua code finishes running, and I can't get at them from C++.

Here is a snippet of what I'm doing on the C++ side:
//--------------------------------
lua_State* sandboxed_L(luaL_newstate());
luaL_openlibs(sandboxed_L);

std::string Lua_whitelist(    // my real whitelist is much bigger
    "print = print"
);

std::string Lua_sandboxing_script(
    "sandbox_env = { " + Lua_whitelist + " }  "
    "_ENV = sandbox_env "
);

// open Lua script to run here, and load its contents into a string
std::string Lua_script_to_run(some_lua_script_file.contents());

std::string Lua_sandboxed_script_to_run(Lua_sandboxing_script + Lua_script_to_run);

if (luaL_dostring(sandboxed_L, Lua_sandboxed_script_to_run))
{
    // error checking
}
//--------------------------------

All globals seem to be lost after this code is finished running, which
means I can't get anything from the script into my C++ engine. The
problem is not present if I remove the parts where I assign the
whitelist to _ENV.

I must be doing it the wrong way. Can anyone point me in the right
direction? I'd really prefer a whitelist approach similar to this if
possible; it would be much better than diving into Lua's sources and
removing all the functions I don't want. Sorry if this has already
been discussed; I just couldn't find it anywhere.
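
An added example, not part of the original post: a pure-Lua sketch (Lua 5.2 or later) of where a chunk's globals go once its _ENV is a whitelist table, and how the host reads them back from that table. The whitelist contents, the sample script and the names new_sandbox_env and run_sandboxed are constructed for illustration; the comments name the C API calls that do the same from the host.

```lua
-- Added example, not from the original post. Needs Lua 5.2+ (_ENV, 4-arg load).

-- Whitelist (constructed sample). Library functions are copied into fresh
-- tables so the script cannot modify the host's own string/math tables.
local function new_sandbox_env()
  return {
    print = print, pairs = pairs, ipairs = ipairs, tostring = tostring,
    string = { format = string.format, upper = string.upper },
    math = { floor = math.floor, max = math.max },
  }
end

-- Constructed sample script, standing in for the script file's contents.
local script = [[
window_title = string.upper("my engine")
max_players = math.max(4, 8)
function on_start() return "started: " .. window_title end
visible = tostring(os) .. "/" .. tostring(io) .. "/" .. tostring(_G)
]]

-- Load `src` with `env` as its _ENV instead of prepending "_ENV = ..." text.
-- Mode "t" accepts source text only, so precompiled chunks are rejected.
-- (From C: load the chunk, then lua_setupvalue(L, -2, 1) with env on top.)
local function run_sandboxed(src, env)
  local chunk, err = load(src, "=sandboxed", "t", env)
  if not chunk then return nil, err end
  local ok, runerr = pcall(chunk)
  if not ok then return nil, runerr end
  return env
end

local env = assert(run_sandboxed(script, new_sandbox_env()))

-- The script's "globals" are fields of env, not of the real global table.
-- (From C: push env, then lua_getfield(L, env_index, "window_title").)
assert(env.window_title == "MY ENGINE")
assert(env.max_players == 8)
assert(env.on_start() == "started: MY ENGINE")
assert(env.visible == "nil/nil/nil")   -- os, io and _G were not whitelisted
assert(window_title == nil)            -- host globals untouched

-- The post's prepend approach has the same effect: after `_ENV = sandbox_env`
-- every global assignment in the chunk lands in sandbox_env.
local prepended = assert(load(
  "sandbox_env = { print = print } _ENV = sandbox_env\n" .. "answer = 42"))
prepended()
assert(answer == nil and sandbox_env.answer == 42)
print("ok")
```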