lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hello, thanks for the insight
As I said, preventing crashes or freezes are not my objective. While they suck, they don't do any major damage compared to a virus.
Host api is rather small but certainly a thing I'm keeping an eye on.
I'll just disable the ffi. Is there anything else perhaps that could be vulnerable? If neccessary I will switch to PUC-Rio, but that free performance boost is certainly nice to have.

--David

On 20.03.2017 14:06, Frank Kastenholz wrote:
Hi


I've built Lua sandboxes


there are a couple of other things to consider besides filesystem, i/o and the various
os library functions


1 memory use.  you want to ensure that the thing running in the sandbox can't over consume memory.  if the sandboxed software does something like
       s = " "
       for i =1,128,1 do
          s = s..s
      end
  you would have a problem in that it could prevent other parts of the system from executing


2 cpu use. as in #1, if you do
      for i=1,1000000000000000,1 do
      end
   it might lock the cpu up executing the for loop, preventing other things from running.
   the host os dispatcher might help, or it might not ... depending on how sophisticated it is
   and what other things might be running in the same thread/process as the lua program


3 access to the host application's apis needs to be mediated. if the lua app can make calls back to that api and cause it to do Bad Things
   then you would also have a problem. Suppose your game has a call like "allocate_game_elements(int number_of_elements,...)" and a
   rogue app asks to allocate 2^128 elements....




For what it's worth, when we developed our system we looked at luajit and decided against it in part because it was
difficult to provide protections.  Luajit, and its ffi, can generate direct calls to functions in the host environment --- we would
not be able to mediate the call, check the parameters, etc, etc. We found that standard PUC-RIO Lua was quite fast enough
for our applications (digital signal processing) and had ways for us to get in and develop the protections needed for our target
environment


Good Luck
Frank Kastenholz


On 03/18/17, Anon ym wrote:


Hello,





I'm currently adding lua (5.1/luajit) to a game (the stock modding system they provide is really crappy).


Now I don't want any modders to mess peoples PC's up, that's why I decided it needs a sandbox (also, hosting providers wouldn't accept it otherwise). So I patched one together from bits and pieces I found while doing research and extended it with my own ideas.





The problem is, sandboxing has many pitfalls, and I'm really new to lua. So I would really appreciate if anyone could take a look at my code and tell me if there is anything wrong with it. Don't want to waste anyones time but I figured this is the place to ask.


My goals were:


 - Lock user to a specific directory and allow I/O on everything in it


 - Prevent program execution, except lua scripts in user dir


 - Prevent access to parent environment


I don't care about crashes.





I decided to link the code instead of pasting it, because the message would be really long otherwise.


https://bitbucket.org/Kumpuu/warband-script-enhancer/src/a2132009816653d67352332429137620f98e044d/WSELib/LuaSandbox.txt?at=lua&fileviewer=file-view-default





Cheers.