[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Modify Lua interpreter to implement a sandbox script language
- From: Frank Kastenholz <fkastenholz@...>
- Date: Tue, 4 Sep 2018 07:53:48 -0400
Hi
The simple answer is that you have to track down each and every function and then do the appropriate thing to disable/remove it.
Removing the code also is the only method that guarantees that the code can not be invoked via some unforeseen path.
Doing things like playing with the environment at runtime (eg “print=function () return end” or somesuch) certainly work and may be easier than modifying the base lua interpreter and libraries — on the other hand, some environments/project requirements/etc might only accept the absolute certainty that comes from physically removing the problematic code.
> On Sep 3, 2018, at 3:12 PM, Brice André <brice@famille-andre.be> wrote:
>
> Dear all,
>
> I am trying to embed Lua for a sandbox scripting language, where all potentially harmful functions would be deactivated.
>
> To do so, I patched the file "linit.c" and commented all lines of "loadedlibs" declaration:
>
> static const luaL_Reg loadedlibs[] = {
> // {"_G", luaopen_base},
> // {LUA_LOADLIBNAME, luaopen_package},
> // {LUA_COLIBNAME, luaopen_coroutine},
> // {LUA_TABLIBNAME, luaopen_table},
> // {LUA_IOLIBNAME, luaopen_io},
> // {LUA_OSLIBNAME, luaopen_os},
> // {LUA_STRLIBNAME, luaopen_string},
> // {LUA_MATHLIBNAME, luaopen_math},
> // {LUA_UTF8LIBNAME, luaopen_utf8},
> // {LUA_DBLIBNAME, luaopen_debug},
> #if defined(LUA_COMPAT_BITLIB)
> // {LUA_BITLIBNAME, luaopen_bit32},
> #endif
> {NULL, NULL}
> };
>
> As a result, functions like 'io.open' are no more available. But I am a little puzzled because some functiosn declared in "luaopen_base", like "print" function, are still available.
>
> A I doing something wrong, or am I missing something ?
>
> Or maybe is there a simpler/safer way of achieving what I am tring to do ?
>
> Thanks in advance for your help,
>
> Brice
