- Subject: Re: getmetatable-esque metamethod [Forked from:] metatables for strings?
- From: Nagaev Boris <bnagaev@...>
- Date: Sun, 3 May 2015 21:39:46 +0000
On Sun, May 3, 2015 at 8:38 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
> 2015-05-03 21:24 GMT+02:00 Andrew Starks <andrew.starks@trms.com>:
>
>> I could not bear to triple post, and this idea is different enough
>> that I'll take the opportunity to fork...
>>
>> sandboxing the string's metamethods is something that would be nice
>> to be able to do, but it is hard to imagine that feature existing
>> without something being treated as "special".
>>
>> I don't know if this mechanism would be general and useful enough for
>> consideration, but I did think of a way that I believe could be used
>> to solve this problem.
>
> It is trivial to sandbox a string's methods.
>
> ---
> $ lua
> Lua 5.3.0 Copyright (C) 1994-2015 Lua.org, PUC-Rio
>> getmetatable"".__metatable = "Sandboxed!"
>> string = nil
>> str = "The quick brown fox"
>> for k in str:gmatch"%S+" do print(k) end
> The
> quick
> brown
> fox

This is exactly what I want to prevent.

Even some built-in string methods are considered dangerous, at least
string.dump [1]. Not to mention methods added to string by 3rd party
libraries.

Sandboxed code must not call string.dump, while it is still needed
outside the sandbox. Here is a practical example showing why it is
a bad idea to expose string.dump to untrusted code [2].

[1] http://lua-users.org/wiki/SandBoxes
[2] https://github.com/starius/config/blob/master/bin/sandbox_test2.lua
--
Best regards,
Boris Nagaev
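
The point made in the reply above, as an added example that is not part of the original thread: with only the `string` global removed, method syntax still reaches `string.dump` through the string metatable, while swapping that metatable's `__index` for a whitelist during the untrusted call hides it and leaves it available to trusted code. The names `run_sandboxed`, `probe_plain` and `SAFE_STRING` are hypothetical, and Lua 5.3 is assumed.

```lua
-- Added example for Lua 5.3; run_sandboxed and SAFE_STRING are hypothetical names.
local real_string = string            -- trusted code keeps the full library
local string_mt = getmetatable("")    -- one metatable shared by every string

-- Dirk's setup alone: no `string` global in the environment, yet method
-- syntax still resolves through string_mt.__index, so dump stays reachable.
local function probe_plain(source)
  local chunk = assert(load(source, "=probe", "t", { print = print }))
  return chunk()
end

-- Whitelist of functions untrusted code may reach as s:method().
-- string.dump is left out (and so is anything a library added to `string`).
local SAFE_STRING = {}
for _, name in ipairs{ "byte", "find", "format", "gmatch", "gsub", "len",
                       "lower", "match", "reverse", "sub", "upper" } do
  SAFE_STRING[name] = real_string[name]
end

local function run_sandboxed(source)
  local env = { print = print }       -- no string, getmetatable or debug
  -- mode "t" accepts source text only, so precompiled chunks are refused
  local chunk, err = load(source, "=sandbox", "t", env)
  if not chunk then return false, err end
  local saved = string_mt.__index
  string_mt.__index = SAFE_STRING     -- method lookups now hit the whitelist
  local ok, result = pcall(chunk)
  string_mt.__index = saved           -- restore before trusted code continues
  return ok, result
end

local test = 'return type(("").dump)'
print("string = nil only:", probe_plain(test))
print("whitelisted index:", run_sandboxed(test))
print("allowed method:   ", run_sandboxed('return ("a b"):upper()'))
print("trusted side:     ", type(real_string.dump))
```

The swap applies to the whole Lua state, so any trusted callback invoked while the untrusted chunk runs also sees the whitelist; running untrusted code in its own state avoids that coupling.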