Greg McCreath wrote:
[...]
> Ideally, I'd want to place all my standard library code in a single global
> environment and have each 'protected' environment access it in a controlled
> shared manner from its own environment. I could use multiple lua_states to
> get complete separation, but then all my library code needs to be loaded in
> each one. Lua threads go some way towards a solution.

You ought to be able to do this, but it's hard. You need to construct a global environment for each sandbox, and then populate the sandbox with proxies to all the various bits of Lua functionality you want to give your sandboxes access to.

The problem here is that Lua fails 'dangerous' --- if you simply share, say, the 'string' table between all your sandboxes, then if a sandbox modifies it, that change will be seen by all of the other sandboxes. You need to ensure that your sandbox can't access any mutable data structure that's visible from any other sandbox. So you will need to be very sure that you're doing this population in a secure way.

Other things you'll need to do, off the top of my head:

* Wrap setfenv() and getfenv() to ensure that they won't operate on a system function, otherwise a malicious user could bypass your security that way;
* Disable the debug library completely from within your sandbox, because they'll let you bypass Lua's scoping mechanism;
* Wrap loadlib() to prevent the user from loading an arbitrary shared library;
* Use debug hooks to prevent malicious code from using too much CPU time (and memory);
* Lots of other stuff I haven't thought about.

AIUI, you should be able to do all of this in pure Lua code. You may get speed optimisations by writing some of it in C, but the *functionality* should be there.

Has anyone actually come up with a comprehensive library that does all this? (I have a project that could use it, too.)

-- 
+- David Given --McQ-+ "Preacher, don't the Bible have some pretty
|  dg@cowlark.com    | specific things to say about killing?" "Quite
| (dg@tao-group.com) | specific. It is, however, somewhat fuzzier on the
+- www.cowlark.com --+ subject of kneecaps." --- Firefly, _War Stories_
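One way to apply the points in the message above on Lua 5.1 (an added example, not part of the original post or of any existing library; `make_env`, `run_sandboxed`, the whitelist and the instruction budget are assumptions). Each sandbox gets its own environment whose library tables are proxies that absorb writes locally, the debug library, loadlib and setfenv/getfenv are not exposed at all, and a count hook bounds CPU use.

```lua
-- Added example for Lua 5.1; make_env and run_sandboxed are hypothetical names.
local SAFE_FUNCS = { "assert", "error", "ipairs", "next", "pairs", "select",
                     "tonumber", "tostring", "type", "unpack" }
local SAFE_LIBS = { "string", "table", "math" }
-- Left out on purpose: debug, package/loadlib/require, setfenv/getfenv,
-- load/loadstring/dofile, io, os, coroutine, rawset/rawget, and
-- getmetatable/setmetatable (getmetatable("").__index is the shared string
-- table). pcall/xpcall are omitted so the limit error below cannot be caught.

-- Reads fall through to the shared library; writes land in this sandbox's
-- own proxy table; __metatable keeps the metatable out of reach.
local function proxy(lib)
  return setmetatable({}, { __index = lib, __metatable = false })
end

local function make_env()
  local env = {}
  for _, name in ipairs(SAFE_FUNCS) do env[name] = _G[name] end
  for _, name in ipairs(SAFE_LIBS) do env[name] = proxy(_G[name]) end
  env._G = env
  return env
end

local function run_sandboxed(source, max_instructions)
  -- Precompiled chunks start with ESC (27); accept source text only.
  if source:byte(1) == 27 then return false, "bytecode rejected" end
  local chunk, err = loadstring(source, "=sandbox")
  if not chunk then return false, err end
  setfenv(chunk, make_env())
  -- Run in a dedicated coroutine so the count hook applies only to it.
  -- The hook counts VM instructions; it does not bound memory or time spent
  -- inside a single C function call.
  local co = coroutine.create(chunk)
  debug.sethook(co, function() error("instruction limit exceeded", 0) end,
                "", max_instructions)
  return coroutine.resume(co)
end

-- Constructed inputs: a local override, a clean sandbox, a runaway loop,
-- and a lookup of a library that was never exposed.
print(run_sandboxed('string.upper = function() return "changed" end ' ..
                    'return string.upper("a")', 1e5))
print(run_sandboxed('return string.upper("a")', 1e5))
print(run_sandboxed('while true do end', 1e5))
print(run_sandboxed('return type(debug)', 1e5))
```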