Re: load and upvalues

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: load and upvalues
From: "Soni \"They/Them\" L." <fakedme@...>
Date: Tue, 7 May 2019 19:31:13 -0300



On 2019-05-07 7:07 p.m., Egor Skriptunoff wrote:

On Tue, May 7, 2019 at 11:55 PM Soni "They/Them" L. wrote:


    Sandbox killer.

    I don't believe string.dump should return upvalues.



Returning upvalues would not become a "sandbox killer".

Even if *string.dump()* does not return upvalues,
when building a sandbox, you MUST modify *string.dump()* to rejectdumping your own functions.Otherwise all constants used in your functions will be known tountrusted code.
Untrusted code must be limited to dumping only its own functions.
Yes, you should keep a list of your own functions exposed to untrustedcode.
For example, when untrusted code invokes
string.dump(your_function),
you should instead invoke the following
string.dump(function(...) return your_function(...) end)
This way, untrusted code could successfully dump and loadyour_function() without being able to extract any info about it.

Untrusted code can also just go on github and extract everything itwants to know about it.


The secret is not in the code (constants).

I only need to modify string.dump to sign the stuff with anauthentication key (aka "salt" but really look into HMAC), and verifythat in load().

References:
- Re: load and upvalues, Egor Skriptunoff
- Re: load and upvalues, Soni "They/Them" L.
- Re: load and upvalues, Egor Skriptunoff

Prev by Date: Re: load and upvalues
Next by Date: Re: Must "attempt to get length of a number value" be an error?
Previous by thread: Re: load and upvalues
Next by thread: Re: load and upvalues
Index(es):
- Date
- Thread