- Subject: Re: Modify Lua interpreter to implement a sandbox script language
- From: Andrew Gierth <andrew@...>
- Date: Mon, 03 Sep 2018 21:03:35 +0100
>>>>> "Brice" == Brice André <brice@famille-andre.be> writes:

Brice> Dear all,

Brice> I am trying to embed Lua for a sandbox scripting language, where
Brice> all potentially harmful functions would be deactivated.

How do you define "harmful" for your environment? And what features do
you want sandboxed code to be able to use?

Brice> To do so, I patched the file "linit.c"

You shouldn't do it that way as a general rule.

There are a few different approaches: you can simply not use
luaL_openlibs() at all; or you can remove the unwanted libraries before
calling any untrusted code; or you can use a separate environment table
for untrusted code and populate it by copying only the functions and
(copies of) library tables you want to allow. (This last method is the
most flexible but probably also the most work to do.)

Brice> As a result, functions like 'io.open' are no more available. But
Brice> I am a little puzzled because some functions declared in
Brice> "luaopen_base", like "print" function, are still available.

That suggests that you called luaopen_base yourself from somewhere.

Some of the base functions are essentially part of the language -
especially select(), pairs(), ipairs(), type(), pcall(), error(),
assert(), tonumber(), tostring(). Without at least those, writing any
nontrivial code will be hard.

--
Andrew.
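
The third approach described in the reply above (a separate environment table holding only the allowed functions and copies of library tables), as an added example that is not part of the original message. It assumes Lua 5.2 or later; the helper names copy, make_env and run_untrusted and the choice of string, table and math as allowed libraries are hypothetical.

```lua
-- Added example, not code from the thread. Assumes Lua 5.2+ (load() with
-- a mode and an environment argument). Helper names are hypothetical.

-- Shallow-copy a library table so untrusted code that assigns into its
-- copy cannot alter the table the host program uses.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Build a fresh environment for each untrusted chunk. Anything not listed
-- here (io, os, require, load, dofile, debug, getmetatable, _G, ...) is
-- simply an undefined global inside the sandbox.
local function make_env()
  return {
    -- base functions the reply names as essentially part of the language
    select = select, pairs = pairs, ipairs = ipairs, type = type,
    pcall = pcall, error = error, assert = assert,
    tonumber = tonumber, tostring = tostring,
    -- library copies; which ones to allow is an assumption of this example
    string = copy(string), table = copy(table), math = copy(math),
  }
end

-- Compile and run untrusted source text inside the restricted environment.
-- Returns true plus the chunk's results, or false plus an error message.
local function run_untrusted(source)
  -- mode "t" accepts source text only and rejects precompiled bytecode
  local chunk, err = load(source, "=untrusted", "t", make_env())
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed sample scripts.
-- 1. Allowed functions work as usual.
print(run_untrusted("return string.upper('ok'), #table.pack(1, 2, 3)"))
-- 2. Libraries left out of the environment are not visible at all.
print(run_untrusted("return type(io), type(os), type(require)"))
-- 3. Using one of them fails inside pcall instead of reaching the host.
print(run_untrusted("return io.open('somefile')"))
-- 4. Tampering with a library copy does not affect the host's table.
run_untrusted("string.upper = nil")
assert(string.upper("a") == "A")
```

This restricts which names untrusted code can reach; it does not bound the CPU time or memory a script may consume.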