Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

LuaL_openlibs() and sandboxing scripts

Tags:

c++

c

lua

I am embedding Lua (5.1) in a C/C++ application.

I am using the LuaL_openlibs() function to load the base libs. However, this function loads some other libraries which I want to disable so that they are not available to my Lua scripts.

Specifically, I want to disable the IO and OS modules. Is there a function I can call to programmativally disable (or unload) these modules so that I can create a safe sandbox environment for running Lua scripts?

like image 781
skyeagle Avatar asked Dec 29 '10 02:12

skyeagle

2 Answers

luaL_openlibs just iterates through a list of library loaders, declared in the same file. Simply delete/comment out the luaopen_io and luaopen_os lines. Done.

If you're adverse to editing the Lua source, then you can define your own function which leaves out those two libraries:

#define LUA_LIB

#include "lua.h"
#include "lualib.h"
#include "lauxlib.h"

static const luaL_Reg lualibs[] = {
  {"", luaopen_base},
  {LUA_LOADLIBNAME, luaopen_package},
  {LUA_TABLIBNAME, luaopen_table},
  {LUA_STRLIBNAME, luaopen_string},
  {LUA_MATHLIBNAME, luaopen_math},
  {LUA_DBLIBNAME, luaopen_debug},
  {NULL, NULL}
};

LUALIB_API void my_openlibs (lua_State *L) {
  const luaL_Reg *lib = lualibs;
  for (; lib->func; lib++) {
    lua_pushcfunction(L, lib->func);
    lua_pushstring(L, lib->name);
    lua_call(L, 1, 0);
  }
}
like image 42
Mud Avatar answered Sep 30 '22 20:09

Mud

I don't know how to disable modules, but you can still choose which ones to load instead of loading them all with luaL_openlibs. Section 7.3 of the Lua 5.1 manual says:

The luaopen_* functions (to open libraries) cannot be called directly, like a regular C function. They must be called through Lua, like a Lua function.

That is, instead of directly calling the function as in Lua 5.0:

luaopen_table(L);

... you push it as a C function with its name and use lua_call or similar in Lua 5.1:

lua_pushcfunction(L, luaopen_table);
lua_pushliteral(L, LUA_TABLIBNAME);
lua_call(L, 1, 0);

The functions you can do this with are listed in lualib.h:

Function        | Name
----------------+-----------------
luaopen_base    | ""
luaopen_table   | LUA_TABLIBNAME
luaopen_io      | LUA_IOLIBNAME
luaopen_os      | LUA_OSLIBNAME
luaopen_string  | LUA_STRLIBNAME
luaopen_math    | LUA_MATHLIBNAME
luaopen_debug   | LUA_DBLIBNAME
luaopen_package | LUA_LOADLIBNAME
like image 160
Tung Nguyen Avatar answered Sep 30 '22 20:09

Tung Nguyen
Sign in to Comment

Related questions

Why do programmers sometimes refer to "C++/STL" like it's a separate language?
Problem with std::map and std::pair
Variable Scope in C++
resizing multidimensional vector
How do I use bitwise operators on a "double" on C++?
Can Someone Explain This Snippet (Why Are These Braces Here)?
Is there an equivalent of the Java equals method in c++?
Graph nodes coordinates evaluation [closed]
Google C++ coding style, no exceptions rule. What about multithreading?
c slower than java when summing a billion integers
OpenCV Binary Image Mask for Image Analysis in C++
Why couldn't I get the size of a range in range-v3?
cmake will not compile to C++ 11 standard
c++ exception in destructor
What is the big deal with BUILDING 64-bit versions of binaries?
what is the purpose and return type of the __builtin_offsetof operator?
C++: When is it acceptable to have code in the header file?
Pointers in C# to make int array?
How to execute C++ code without compiling it?
size guarantee for integral/arithmetic types in C and C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!