RomSteady

Lua Sandboxing

7 posts in this topic

(Running Leadwerks Indie for Steam)

 

I'm currently working on a settings module, and I'm running into a little bit of a problem.

 

I'm keeping all user-definable settings in a single Lua table. I've got serialization code to quickly save out that single table to disk functioning just fine. The problem comes on load.

 

I want to load the Settings object in a separate environment, and then iterate through and only pull over values that I recognize as safe, so no executable code, etc. in the settings file.

 

However, there are some problems, specifically that setfenv() and getfenv() are causing the process to end.

 

To demonstrate, I've got the following code:

 

function Settings:ShowFailure()
System:Print("Got here just fine...")
System:Print("getfenv is: " .. type(getfenv))
local myEnvironment = getfenv()
System:Print("Will never get here.")
end

 

If you call this code on launch, you'll get the following output:

 

Got here just fine...
getfenv is: function
Process Complete.

 

So you can see the code is executing and that getfenv is a recognized function, but as soon as getfenv() is called, the process ends.

 

Any thoughts? If Leadwerks was using Lua 5.2, I'd just use load with a target environment as a parameter, but I'm having to do things the 5.1 way.

0

Share this post


Link to post

This is a snippet from a post regarding the Leadwerks 3.1 beta, I'm not positive because I don't really use Lua, but I think this may be the source of your issue:

 

What's New

...

  • System::GetProperty will return a command-line argument or application setting, in that order of preference. You can now set values with System::SetProperty. Your game's settings will automatically be saved in a config file and reloaded next time you run it. This file is located in the OS app data directory. Lua file write commands will be blocked in the future in order to safely sandbox Lua on Steam, so use this instead.

 

I believe Josh had to disable direct file I/O for security.

0

Share this post


Link to post

I believe Josh had to disable direct file I/O for security.

 

Well, that'll do it. Funny thing is that io.open/read/write still work. Ah, well. Thank you.

 

As a side note, I hope he makes Get/SetProperty accept structured data instead of just strings.

0

Share this post


Link to post

There was some debate later in the thread about whether this was necessary. I'm not sure what the final decision was. In the event it doesn't get added, you could probably throw some JSON into a property and then use a parser if you have a complex format.

0

Share this post


Link to post

I actually ended up un-sandboxing Leadwerks before release, because people were asking about special LuaJIT features.

 

The interpreter initialize function does call luaL_openlibs(L). I have never used setfenv before in Lua, and don't know if it requires loading of additional libraries or anything like that. Here's the stuff that gets loaded:

static const luaL_Reg lualibs[] = {
{"", luaopen_base},
{LUA_LOADLIBNAME, luaopen_package},//Load DLLs
{LUA_TABLIBNAME, luaopen_table},//table
{LUA_IOLIBNAME, luaopen_io},//File IO
{LUA_OSLIBNAME, luaopen_os},//OS
{LUA_STRLIBNAME, luaopen_string},//string
{LUA_MATHLIBNAME, luaopen_math},//math
{LUA_DBLIBNAME, luaopen_debug},//debug
{NULL, NULL}
};

0

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Create Your Account

Sign in

Already have an account? Sign in here.


Sign In Now