lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Hello Leonardo,

Thanks for your suggestion, which seems very interesting. I am a bit hesitant to go this way because I would be more confident in a lua version that is compiled with no potentially harmful functions, than to try to prevent to execute them at runtime. But maybe am I wrong on that point.

I will perform some tests with your solution.

But in all cases, I would be very interested to understand how a lua interpreter compiled without "luaopen_base" library initialisation call could still perform print function. For other functions I tested, this solution seemed to be concluant. But for this very particular function, my technique seems not to work. I do not really need to deactivate print function, as it is not really harmful, but I would be more confident in the technique if I understand why it does not behaves like I would have expected.

Any idea ?

Regards,

Brice
 

2018-09-03 21:21 GMT+02:00 Leonardo Gomes <leonardo.alves.gomes@usp.br>:
If you control the code that loads the untrusted Lua script and don't intend on modifying lua itself, I think you can achieve a "sandboxed" environment by using the setfenv function.

You could load the untrusted script through something like

chunk = loadfile("script.lua")
setfenv(chunk, {/* in this table you place only the functions that you don't consider harmful */ print = print})
script_result = chunk()

Em Seg, 3 de set de 2018 16:12, Brice André <brice@famille-andre.be> escreveu:
Dear all,

I am trying to embed Lua for a sandbox scripting language, where all potentially harmful functions would be deactivated.

To do so, I patched the file "linit.c" and commented all lines of "loadedlibs" declaration:

static const luaL_Reg loadedlibs[] = {
 // {"_G", luaopen_base},
 // {LUA_LOADLIBNAME, luaopen_package},
 // {LUA_COLIBNAME, luaopen_coroutine},
 // {LUA_TABLIBNAME, luaopen_table},
 // {LUA_IOLIBNAME, luaopen_io},
 // {LUA_OSLIBNAME, luaopen_os},
 // {LUA_STRLIBNAME, luaopen_string},
 // {LUA_MATHLIBNAME, luaopen_math},
 // {LUA_UTF8LIBNAME, luaopen_utf8},
 // {LUA_DBLIBNAME, luaopen_debug},
#if defined(LUA_COMPAT_BITLIB)
 // {LUA_BITLIBNAME, luaopen_bit32},
#endif
  {NULL, NULL}
};

As a result, functions like 'io.open' are no more available. But I am a little puzzled because some functiosn declared in "luaopen_base", like "print" function, are still available.

A I doing something wrong, or am I missing something ?

Or maybe is there a simpler/safer way of achieving what I am tring to do ?

Thanks in advance for your help,

Brice