lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]




On 19/03/17 12:51 PM, David F wrote:
On 19.03.2017 03:13, Kat Kioo wrote:
First I apologize for my bad spelling as I am on my phone.
Removing at compile time is relatively easy as you can just open
specific libraries when you create the state. In the case of io library
you could rewrite src/lib_io.c to remove what you dont need and put the
path checks in the c code itself.

For paths it is very tricky as it is os dependant. If the game is
windows only, call PathCanocalize and compare the path output to your
filters.

No problem. I guess editing the lua source directly is the best approach. But as I said, want to keep things simple for now. The game is Windows only and PathCanonicalize is surely good to know, thanks.

On 19.03.2017 11:20, Sean Conner wrote:
> It was thus said that the Great David F once stated:
>> On 19/03/17 02:27 AM, Kat Kioo wrote:
>>
>>> In general you should just remove the functions at compile time instead >>> of removing at runtime in the vm. Another thing that you might consider a >>> security ossue is your makesafeph function. In general it is not as simple
>>> as a few regex replaces.
>>
>> Not really sure how to imagine the first part. Sounds complicated.
>>
>> makeSafePath does not use regex. It checks for a relative path that
>> escapes its parent directory (".."), if it doesn't the user dir is
>> prefixed and the result returned. I tried finding out if there is anything >> else special going on with paths under windows, but the best I could find
>> was a msdn article that didn't reveal anything new. When fed with an
>> absolute path the function should return an invalid path. I'll probably do
>> check for that and just return nil.
>
> It looks like your running your code under Windows, which has a several
> issues that Unix (Linux, Mac OS-X) does not have.
>
>   First off, you don't check for drive letters at the start of the file
> name. Second, there are certain file names that should be checked for and
> rejected [1], like CON (or con or con.txt or con.any_extension_really).
> Now, assuming a filename doesn't contain a drive letter or contains a device > name, if it starts with a '/' or a '\', it can be rejected for being a full
> path:
>
>     if pathname:match "^[\\/]" then error() end
>
> otherwise it's a relative name.  You can break it apart on the path
> separator, looking at each segment and applying some logic. Here, I
> accumulate each segment (assuming a relative path without device names and > using a '/' for a path separator) in a table. For ".." (parent directory) I > remove the last recently added segment; for anything other than "." I add it
> ("." is "current directory" and can be ignored):
>
>     local function normalize(path)
>       local acc = {}
>       for segment in path:gmatch("[^/]+") do
>         if segment == ".." then
>           table.remove(acc)
>         else if segment ~= "." then
>           table.insert(acc,segment)
>         end
>       end
>
>       return table.concat(acc,'/')
>     end
>
> Trying it:
>
>     print(normalize("../../../../../../../etc/passwd"))
>     print(normalize(".././.././here/../be/../dragons"))
>
>     etc/passwd
>     dragons
>
> Then you can just prepend on the "root" directory.
>
>   -spc
>
> [1] https://support.microsoft.com/en-us/help/74496/ms-dos-device-driver-names-cannot-be-used-as-file-names
>

I like that function a lot, thanks. Totally forgot to ignore ".".
So I did my own version:

    makeSafePath = function(path)
        if type(path) ~= "string" then return nil end
        path = path:gsub([[\]], "/")

        if path:match("^[^/]+:") or path:match("^/") then
            error("absolute path not allowed")
        end

        local segments = {}
        for segment in path:gmatch("[^/]+") do
            if segment == ".." then
                table.remove(segments)
            elseif segment ~= "." then
                table.insert(segments, segment)
            end
        end

        return sandbox.userDir .. table.concat(segments, '/')
    end

I think that will do.
As for reserved file names, apparently windows just says "No" and does not do anything. Good enough for me.
--David

---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus



I think you should treat the "I/O directory" as the virtual drive root and make all absolute paths be relative to it. Like everyone else does.

--
Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.