lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 19/03/17 12:51 PM, David F wrote:
On 19.03.2017 03:13, Kat Kioo wrote:
First I apologize for my bad spelling as I am on my phone.
Removing at compile time is relatively easy as you can just open
specific libraries when you create the state. In the case of io library
you could rewrite src/lib_io.c to remove what you dont need and put the
path checks in the c code itself.

For paths it is very tricky as it is os dependant. If the game is
windows only, call PathCanocalize and compare the path output to your

No problem. I guess editing the lua source directly is the best approach. But as I said, want to keep things simple for now. The game is Windows only and PathCanonicalize is surely good to know, thanks.

On 19.03.2017 11:20, Sean Conner wrote:
> It was thus said that the Great David F once stated:
>> On 19/03/17 02:27 AM, Kat Kioo wrote:
>>> In general you should just remove the functions at compile time instead >>> of removing at runtime in the vm. Another thing that you might consider a >>> security ossue is your makesafeph function. In general it is not as simple
>>> as a few regex replaces.
>> Not really sure how to imagine the first part. Sounds complicated.
>> makeSafePath does not use regex. It checks for a relative path that
>> escapes its parent directory (".."), if it doesn't the user dir is
>> prefixed and the result returned. I tried finding out if there is anything >> else special going on with paths under windows, but the best I could find
>> was a msdn article that didn't reveal anything new. When fed with an
>> absolute path the function should return an invalid path. I'll probably do
>> check for that and just return nil.
> It looks like your running your code under Windows, which has a several
> issues that Unix (Linux, Mac OS-X) does not have.
>   First off, you don't check for drive letters at the start of the file
> name. Second, there are certain file names that should be checked for and
> rejected [1], like CON (or con or con.txt or con.any_extension_really).
> Now, assuming a filename doesn't contain a drive letter or contains a device > name, if it starts with a '/' or a '\', it can be rejected for being a full
> path:
>     if pathname:match "^[\\/]" then error() end
> otherwise it's a relative name.  You can break it apart on the path
> separator, looking at each segment and applying some logic. Here, I
> accumulate each segment (assuming a relative path without device names and > using a '/' for a path separator) in a table. For ".." (parent directory) I > remove the last recently added segment; for anything other than "." I add it
> ("." is "current directory" and can be ignored):
>     local function normalize(path)
>       local acc = {}
>       for segment in path:gmatch("[^/]+") do
>         if segment == ".." then
>           table.remove(acc)
>         else if segment ~= "." then
>           table.insert(acc,segment)
>         end
>       end
>       return table.concat(acc,'/')
>     end
> Trying it:
>     print(normalize("../../../../../../../etc/passwd"))
>     print(normalize(".././.././here/../be/../dragons"))
>     etc/passwd
>     dragons
> Then you can just prepend on the "root" directory.
>   -spc
> [1]

I like that function a lot, thanks. Totally forgot to ignore ".".
So I did my own version:

    makeSafePath = function(path)
        if type(path) ~= "string" then return nil end
        path = path:gsub([[\]], "/")

        if path:match("^[^/]+:") or path:match("^/") then
            error("absolute path not allowed")

        local segments = {}
        for segment in path:gmatch("[^/]+") do
            if segment == ".." then
            elseif segment ~= "." then
                table.insert(segments, segment)

        return sandbox.userDir .. table.concat(segments, '/')

I think that will do.
As for reserved file names, apparently windows just says "No" and does not do anything. Good enough for me.

Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.

I think you should treat the "I/O directory" as the virtual drive root and make all absolute paths be relative to it. Like everyone else does.

Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.