
Re: Sandbox implementation, attempt #2



First I apologize for my bad spelling as I am on my phone. 
Removing at compile time is relatively easy as you can just open specific libraries when you create the state. In the case of the io library you could rewrite src/lib_io.c to remove what you don't need and put the path checks in the C code itself.

For paths it is very tricky as it is OS-dependent. If the game is Windows only, call PathCanonicalize and compare the path output to your filters.



On Mar 18, 2017 9:56 PM, "David F" <kumpuu@web.de> wrote:
On 19/03/17 02:27 AM, Kat Kioo wrote:
>In general you should just remove the functions at compile time instead of removing at runtime in the VM. Another thing that you might consider a security issue is your makeSafePath function. In general it is not as simple as a few regex replaces.
 
Not really sure how to imagine the first part. Sounds complicated.
makeSafePath does not use regex. It checks for a relative path that escapes its parent directory (".."); if it doesn't, the user dir is prefixed and the result returned. I tried finding out if there is anything else special going on with paths under Windows, but the best I could find was an MSDN article that didn't reveal anything new. When fed with an absolute path the function should return an invalid path. I'll probably do a check for that and just return nil.

--David
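
A lexical version of the path check discussed in this thread, as an added example that is not code from either poster. `safe_path`, `USER_DIR` and the sample inputs are assumptions, and the checks go beyond the `..` test to the absolute, drive, UNC, stream and device-name forms that Windows accepts.

```lua
-- Added example: hypothetical safe_path(), not the makeSafePath from the thread.
local USER_DIR = "C:/game/userdata"   -- assumed sandbox root
local RESERVED = { CON = true, PRN = true, AUX = true, NUL = true }

local function safe_path(rel)
  if type(rel) ~= "string" or rel == "" then return nil, "empty" end
  -- Control characters (including NUL) can truncate the name inside C APIs.
  if rel:find("%c") then return nil, "control character" end
  -- Windows accepts both separators, so normalise before any other check.
  local p = rel:gsub("\\", "/")
  -- Rooted ("/x"), UNC ("//srv/share") and device ("//./", "//?/") forms.
  if p:sub(1, 1) == "/" then return nil, "absolute path" end
  -- Any colon: drive ("C:/x"), drive-relative ("C:x") or stream ("f.txt:ads").
  if p:find(":", 1, true) then return nil, "colon not allowed" end

  local parts = {}
  for seg in p:gmatch("[^/]+") do
    if seg == ".." then
      -- Popping past the root means the path leaves the user directory.
      if #parts == 0 then return nil, "escapes user dir" end
      parts[#parts] = nil
    elseif seg ~= "." then
      -- Win32 strips trailing dots and spaces, so ".. " would become "..".
      if seg:find("[%. ]$") then return nil, "trailing dot or space" end
      -- Device names are matched on the part before the first dot.
      local base = seg:match("^[^.]*"):upper()
      if RESERVED[base] or base:match("^COM%d$") or base:match("^LPT%d$") then
        return nil, "reserved device name"
      end
      parts[#parts + 1] = seg
    end
  end
  if #parts == 0 then return nil, "no file name" end
  return USER_DIR .. "/" .. table.concat(parts, "/")
end

-- Constructed inputs: the first two are accepted, the rest rejected.
for _, s in ipairs({ "saves/slot1.dat", "a/../b.txt", "../secret",
                     "C:\\Windows\\win.ini", "\\\\srv\\share\\x",
                     "notes.txt:ads", "x/.. /y", "logs/nul.txt" }) do
  print(s, safe_path(s))
end
```

The check is purely lexical: it does not resolve symlinks or junctions that already exist under the user directory.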

