lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


This is done in Lua using _ENV variable and a parameter in load function for the environment.
Pass a table to that function that doesn't have function don't want users to use
On 16 Mar 2022, 21:59 +0300, XavierH622 <JacobK622@protonmail.com>, wrote:
I have a feature request...
sandboxing
implementation:
two new c functions
"lua_sandbox(lua_state *L, bool sandboxed)" and
"lua_allow_fileio(lua_state *L, bool allow_fileio)"
when lua_sandbox(*L, true) is called, os.execute and other unsafe functions return nil and do nothing (file io is disabled by default)
in addition lua scripts are limited to 10,000 function calls/executions/commands, after that luaL_dostring & LuaL_dofile return.
when lua_sandbox(*L, false) is called, os.execute and other unsafe functions behave as they do normally in 5.4.4 (default state)
when lua_allow_fileio(*L, true) is called, afther lua_sandbox(*L, true) files can be opened, read, and written but are limited to the directory that the .lua file it' subfolders
also limited to writing 100 files and/or 60 MB
a new command line argument for "lua"/"lua.exe"
"-s" and/or "--sandboxed" runs scripts in sandboxed mode (calls "lua_sandbox(*L, true)" before execution)
"-f" and/or "--fileio" runs scripts in sandboxed mode with file io enabled (calls "lua_sandbox(*L, true)" then "lua_allow_fileio(*L, true)" before execution)
a new command line argument for "luac"/"luac.exe"
"--sandboxed" runs scripts in sandboxed mode (calls "lua_sandbox(*L, true)" before execution)
"-f" and/or "--fileio" runs scripts in sandboxed mode with file io enabled (calls "lua_sandbox(*L, true)" then "lua_allow_fileio(*L, true)" before execution)


My email is JacobK622@protonmail.com feel free to email me at any time,
although I may not respond immediately. (usually within 24hrs.)
From, Xavier H


Sent with ProtonMail secure email.