

On 18/03/17 10:47 PM, Soni L. wrote:
> You don't need to worry about 2 and 3 if you disable "os" lib.

os is disabled except clock, difftime and time.

> Wrapping "io" lib is painful but possible.
> Remember to also remove "require", "loadfile", "dofile", etc, then 
> reimplement them using wrapped "io". Use a wrapped "load"/"loadstring" 
> and implement signed bytecode loading so you don't load untrusted 
> bytecode. (With the caveat that a user could manually retrieve the key 
> and manually load untrusted bytecode, but the key isn't portable anyway 
> so it's a non-issue. Just use a secure CSPRNG when the user runs the 
> game for the first time.)

Did exactly that. 

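	-- Replacement for the io table seen by sandboxed code; every file name
	-- goes through sandbox.makeSafePath before reaching the real io library.
	safeIO = 
	{
		-- These take no file name, so they pass through unchanged.
		close = _G.io.close,
		flush = _G.io.flush,
		type = _G.io.type,
		tmpfile = _G.io.tmpfile,
		read = _G.io.read,
		write = _G.io.write,

		-- io.type returns nil for anything that is not a file handle,
		-- so only file names are rewritten; open handles are passed as-is.
		input = function(file)
			if file and not _G.io.type(file) then
				file = sandbox.makeSafePath(file)
			end

			return _G.io.input(file)
		end,

		output = function(file)
			if file and not _G.io.type(file) then
				file = sandbox.makeSafePath(file)
			end

			return _G.io.output(file)
		end,

		-- With no file name, io.lines reads from the default input.
		lines = function(fileName)
			if fileName then
				fileName = sandbox.makeSafePath(fileName)
			end

			return _G.io.lines(fileName)
		end,

		-- io.open always takes a file name.
		open = function(fileName, mode)
			fileName = sandbox.makeSafePath(fileName)
			return _G.io.open(fileName, mode)
		end
	},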


Bytecode is disabled entirely since there seem to be exploits.

--David
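
The two measures discussed in this message, a `loadfile` rebuilt on a path-checked `io.open` and a `load` that refuses bytecode, are sketched below as an added example; it is not code from either poster. It assumes Lua 5.2 or later; `ROOT`, `safeLoad`, `safeLoadfile` and this `makeSafePath` are hypothetical names, the last one a stand-in for the post's `sandbox.makeSafePath`, whose body is not shown.

```lua
-- Added example, not from the original post. Assumes Lua 5.2 or later.
local ROOT = "./"   -- assumed sandbox directory

-- Hypothetical stand-in for sandbox.makeSafePath: relative paths only, no "..".
local function makeSafePath(path)
  if type(path) ~= "string" or path == "" or path:sub(1, 1) == "/"
     or path:find("[\\:%c]") then     -- no backslash, drive colon or control bytes
    error("unsafe path", 2)
  end
  for part in path:gmatch("[^/]+") do
    if part == ".." then error("unsafe path", 2) end
  end
  return ROOT .. path
end

-- load replacement: text chunks only, and always an explicit environment.
local function safeLoad(chunk, chunkname, env)
  assert(type(env) == "table", "sandbox environment required")
  if type(chunk) == "function" then   -- gather pieces so byte 1 can be checked
    local parts = {}
    while true do
      local piece = chunk()
      if piece == nil or piece == "" then break end
      parts[#parts + 1] = piece
    end
    chunk = table.concat(parts)
  end
  if type(chunk) ~= "string" then return nil, "bad chunk type" end
  -- "\27" (ESC) is the first byte of every precompiled chunk.
  if chunk:sub(1, 1) == "\27" then return nil, "binary chunks are disabled" end
  return load(chunk, chunkname, "t", env)  -- mode "t": Lua itself refuses bytecode
end

-- loadfile rebuilt on the path check instead of the stock function.
local function safeLoadfile(fileName, env)
  local f, err = io.open(makeSafePath(fileName), "rb")
  if not f then return nil, err end
  local source = f:read("*a")
  f:close()
  -- Stock loadfile skips a leading "#" line before looking for bytecode; do the same.
  source = source:gsub("^#[^\n]*", "", 1)
  return safeLoad(source, "@" .. fileName, env)
end

-- Constructed inputs: a text chunk, a precompiled chunk, a traversal path.
local env = { print = print }
print(safeLoad("return 1 + 1", "=text", env)())
print(safeLoad(string.dump(function() end), "=bin", env))
print(pcall(makeSafePath, "../outside.lua"))
```

The path check here is purely lexical, so it does not resolve symbolic links that already exist inside the sandbox directory.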