authorRobin Gareus <robin@gareus.org>2017-08-09 04:07:23 +0200
committerRobin Gareus <robin@gareus.org>2017-08-10 02:25:49 +0200
commit0191a9c4c2749871887e3a2878a36afef90f832b (patch)
tree8e73f73ce8b2a986f8b5119b557932b28ce0d93f /libs
parentcba622cdcecdba2fd88556c4364646c96f4451c6 (diff)
Centralize Lua sandboxing
Diffstat (limited to 'libs')
-rw-r--r--libs/ardour/luaproc.cc2
-rw-r--r--libs/ardour/luascripting.cc9
-rw-r--r--libs/ardour/session.cc2
-rw-r--r--libs/lua/lua/luastate.h1
-rw-r--r--libs/lua/luastate.cc9
5 files changed, 17 insertions, 6 deletions
diff --git a/libs/ardour/luaproc.cc b/libs/ardour/luaproc.cc
index 0e181dbb6b..6581743771 100644
--- a/libs/ardour/luaproc.cc
+++ b/libs/ardour/luaproc.cc
@@ -163,7 +163,7 @@ LuaProc::init ()
lua_setglobal (L, "self");
// sandbox
- lua.do_command ("io = nil os = nil loadfile = nil require = nil dofile = nil package = nil debug = nil");
+ lua.sandbox (true);
#if 0
lua.do_command ("for n in pairs(_G) do print(n) end print ('----')"); // print global env
#endif
diff --git a/libs/ardour/luascripting.cc b/libs/ardour/luascripting.cc
index 8e9157afe8..0367f5830d 100644
--- a/libs/ardour/luascripting.cc
+++ b/libs/ardour/luascripting.cc
@@ -179,8 +179,7 @@ LuaScripting::scan_script (const std::string &fn, const std::string &sc)
lua_State* L = lua.getState();
lua.Print.connect (&LuaScripting::lua_print);
-
- lua.do_command ("io = nil;");
+ lua.sandbox (true);
lua.do_command (
"ardourluainfo = {}"
@@ -339,7 +338,7 @@ LuaScriptParams::script_params (const std::string& s, const std::string &pname,
LuaState lua;
lua_State* L = lua.getState();
- lua.do_command ("io = nil;");
+ lua.sandbox (true);
lua.do_command ("function ardour () end");
try {
@@ -416,6 +415,7 @@ LuaScripting::try_compile (const std::string& script, const LuaScriptParamList&
}
LuaState l;
l.Print.connect (&LuaScripting::lua_print);
+ l.sandbox (true);
lua_State* L = l.getState();
l.do_command (""
@@ -425,7 +425,7 @@ LuaScripting::try_compile (const std::string& script, const LuaScriptParamList&
" assert(type(f) == 'string', 'Assigned ByteCode must be string')"
" local factory = load(f)"
" assert(type(factory) == 'function', 'Factory is a not a function')"
- " local env = _ENV; env.f = nil env.debug = nil os.exit = nil"
+ " local env = _ENV; env.f = nil env.os = nil env.io = nil"
" load (string.dump(factory, true), nil, nil, env)(a)"
" end"
);
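Review bot: On the changed wrapper line, `env.os = nil env.io = nil` is redundant, because the `l.sandbox (true)` call added earlier in try_compile already clears both globals. `env` is still `_ENV` itself, so the factory is loaded against the whole remaining global table, which as far as this diff shows still contains `load` and `string.dump`. The wrapper in Session::setup_lua instead passes an explicit allowlist table. Either reduce the line to `local env = _ENV; env.f = nil` with a comment such as `-- full (sandboxed) globals are intentional for the compile check`, or build a similar allowlist here. The Lua function and the enclosing do_command call start outside this hunk.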
@@ -454,6 +454,7 @@ LuaScripting::get_factory_bytecode (const std::string& script, const std::string
{
LuaState l;
l.Print.connect (&LuaScripting::lua_print);
+ l.sandbox (true);
lua_State* L = l.getState();
l.do_command (
diff --git a/libs/ardour/session.cc b/libs/ardour/session.cc
index 91f67cf3da..764e05c3e8 100644
--- a/libs/ardour/session.cc
+++ b/libs/ardour/session.cc
@@ -5500,6 +5500,7 @@ Session::setup_lua ()
lua.Print.connect (&_lua_print);
#endif
lua.tweak_rt_gc ();
+ lua.sandbox (true);
lua.do_command (
"function ArdourSession ()"
" local self = { scripts = {}, instances = {} }"
@@ -5516,7 +5517,6 @@ Session::setup_lua ()
" assert(type(a) == 'table' or type(a) == 'nil', 'Given argument is invalid')"
" assert(self.scripts[n] == nil, 'Callback \"'.. n ..'\" already exists.')"
" self.scripts[n] = { ['f'] = f, ['a'] = a }"
- " local env = _ENV; env.f = nil env.io = nil env.os = nil env.loadfile = nil env.require = nil env.dofile = nil env.package = nil env.debug = nil"
" local env = { print = print, tostring = tostring, assert = assert, ipairs = ipairs, error = error, select = select, string = string, type = type, tonumber = tonumber, collectgarbage = collectgarbage, pairs = pairs, math = math, table = table, pcall = pcall, bit32=bit32, Session = Session, PBD = PBD, Timecode = Timecode, Evoral = Evoral, C = C, ARDOUR = ARDOUR }"
" self.instances[n] = load (string.dump(f, true), nil, nil, env)(a)"
" Session:scripts_changed()" // call back
diff --git a/libs/lua/lua/luastate.h b/libs/lua/lua/luastate.h
index 5a5c939c2a..cdc7f2b2bf 100644
--- a/libs/lua/lua/luastate.h
+++ b/libs/lua/lua/luastate.h
@@ -36,6 +36,7 @@ public:
void collect_garbage ();
void collect_garbage_step ();
void tweak_rt_gc ();
+ void sandbox (bool rt_safe = false);
sigc::signal<void,std::string> Print;
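Review bot: The declaration `void sandbox (bool rt_safe = false);` has no comment, and its default selects the weaker mode. Per the implementation in luastate.cc, only `rt_safe == true` removes `io` and the whole `os` table, while the default clears just `os.exit` and `os.setlocale`. A caller writing `lua.sandbox ()` therefore leaves scripts with whatever else the `io` and `os` libraries expose, which the name `rt_safe` does not suggest. Document this at the declaration, e.g. `/* Remove unsafe globals. rt_safe additionally removes io and os; without it scripts keep file access and most of os. */`, and consider dropping the default so every call site states the mode explicitly.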
diff --git a/libs/lua/luastate.cc b/libs/lua/luastate.cc
index 8b704fbe6a..80ce41944c 100644
--- a/libs/lua/luastate.cc
+++ b/libs/lua/luastate.cc
@@ -89,6 +89,15 @@ LuaState::tweak_rt_gc () {
}
void
+LuaState::sandbox (bool rt_safe) {
+ do_command ("loadfile = nil dofile = nil require = nil dofile = nil package = nil debug = nil os.exit = nil os.setlocale = nil rawget = nil rawset = nil coroutine = nil module = nil");
+ if (rt_safe) {
+ do_command ("os = nil io = nil");
+ }
+}
+
+
+void
LuaState::print (std::string text) {
Print (text); /* EMIT SIGNAL */
}
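Review bot: In LuaState::sandbox the first chunk depends on statement order and fails open. `os.exit = nil` indexes `os`, so if `os` is ever nil when sandbox runs (library not opened, or cleared by an earlier command) the chunk raises at that point. The assignments after it (`rawget`, `rawset`, `coroutine`, `module`) are then skipped, and nothing here checks the do_command result. `dofile = nil` also appears twice in that string. Putting the unconditional clears in one chunk and guarding the `os` field edits, as below, removes the dependency; `load` stays available and accepts binary chunks, so add a comment if that is intended.

```cpp
void
LuaState::sandbox (bool rt_safe) {
	/* unconditional clears first; none of these index another table */
	do_command ("loadfile = nil dofile = nil require = nil package = nil debug = nil rawget = nil rawset = nil coroutine = nil module = nil");
	if (rt_safe) {
		do_command ("os = nil io = nil");
	} else {
		/* os stays for non-rt scripts, minus the calls that affect the whole process */
		do_command ("if os then os.exit = nil os.setlocale = nil end");
	}
}
```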