ansaurus

Question

Answer 1

+1 A:

You can use the lua_setglobal function provided by the Lua API to set those values in the global namespace to nil which will effectively prevent any user scripts from being able to access them.

lua_pushnil(state_pointer);
lua_setglobal(state_pointer, "io");

lua_pushnil(state_pointer);
lua_setglobal(state_pointer, "loadfile");

...etc...

Amber 2009-08-03 21:33:39

Answer 2

A:

You can override (disable) any Lua function you want and also you can use metatables for more control.

Nick D 2009-08-03 21:34:31

Metatables can be bypassed via rawget() and should not be used for security, only for convenience.

Amber 2009-08-03 21:37:20

thanks for mentioning that.

Nick D 2009-08-03 21:50:49

Can't you override rawget if you want?

RCIX 2009-08-03 22:29:34

RCIX, you can do it. You have the *freedom* to do almost anything in Lua :-)

Nick D 2009-08-03 22:49:55

You *could* override rawget, but that would break non-malicious metatable functionality as well, and is not an ideal solution.

Amber 2009-08-04 19:22:49

Answer 3

+11 A:

You can set the function environment that you run the untrusted code in via setfenv(). Here's an outline:

local env = {}
setfenv(untrusted_function, env)
pcall(untrusted_function)

The function can only access what is in its environment. So you can then explicitly add in the functions that you want the untrusted code to have access to (whitelist).

See Lua Sandboxes for an example and more information on lua sandboxing.

Karl Voigtland 2009-08-03 21:37:00

Answer 4

+1 A:

One of the easiest ways to clear out undesirables is to first load a Lua script of your own devising, that does things like:

load = nil
loadfile = nil
dofile = nil

Alternatively, you can use setfenv to create a restricted environment that you can insert specific safe functions into.

Totally safe sandboxing is a little harder. If you load code from anywhere, be aware that precompiled code can crash Lua. Even completely restricted code can go into an infinite loop and block indefinitely if you don't have system for shutting it down.

John Calsbeek 2009-08-04 00:22:17

You don't actually have to load a Lua script to nil things out - you can use the Lua API functions that I mentioned in my answer to nil out the globals from outside of Lua.

Amber 2009-08-04 19:24:07

Indeed, but this is in some ways easier, hence the "easiest" qualification.

John Calsbeek 2009-08-05 02:47:56

Answer 5

+4 A:

The Lua live demo contains a (specialized) sandbox. The source is freely available.

lhf 2009-08-04 01:31:09

Answer 6

+1 A:

This question may be helpful:

http://stackoverflow.com/questions/966162/best-way-to-omit-lua-standard-libraries

Nick 2009-08-04 14:58:37

ansaurus

tags:

views:

answers:

How can I create a secure Lua sandbox?

related questions