Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to verify your details, confirm your email, resolve issues, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.

Due to spam on this forum, all posts now need moderator approval.

 Entire forum ➜ MUSHclient ➜ Lua ➜ Improved sandbox
Improved sandbox

It is now over 60 days since the last post. This thread is closed.     Refresh page

Posted by Nick Gammon   Australia  (23,173 posts)  Bio   Forum Administrator
Date Sun 05 Nov 2006 09:35 PM (UTC)

Amended on Sun 05 Nov 2006 09:36 PM (UTC) by Nick Gammon

Message
There is a problem that often seems to happen to people when starting to use Lua scripting, which is that they run foul of the Lua "sandbox" which is a default set of restrictions placed on Lua scripts by MUSHclient.

The problem is that the original sandbox set various functions (like io.open, os.execute) to nil, and then attempts to use them were met with a confusing error message, like "attempt to index global 'io' (a nil value)".

Version 3.83 of MUSHclient changes this behaviour to replace such functions with a special "error" function that simply reports that the original function was disabled, like this:


Function 'io.open' disabled in Lua sandbox - see MUSHclient global preferences


To retrofit this functionality into existing MUSHclient installations, edit the Lua sandbox (in File -> Global Preferences) and change from:


function MakeSandbox ()

--->  down to ---->

end -- end of function MakeSandbox


... to read like this instead:


function MakeSandbox ()

  local function ReportDisabled (pkg, func)
     return function ()
       error (string.format (
        "Function '%s.%s' disabled in Lua sandbox - see MUSHclient global preferences",
        pkg, func), 2)
       end -- function
  end -- ReportDisabled 

  package.loadlib = ReportDisabled  ("package", "loadlib") -- disable loadlib function
  package.loaders [3] = nil  -- disable DLL loader
  package.loaders [4] = nil  -- disable all-in-one loader

  for k, v in pairs (io) do
    if type (v) == "function" then
      io [k] = ReportDisabled ("io", k)
    end -- type is function
  end -- for

  local orig_os = os -- so we know names of disabled ones

  -- replace 'os' table with one containing only safe functions
  os = {
       date = os.date,
       time = os.time, 
       setlocale = os.setlocale,
       clock = os.clock, 
       difftime = os.difftime,
       }

  for k, v in pairs (orig_os) do
    if not os [k] and type (v) == "function" then
      os [k] = ReportDisabled ("os", k)
    end -- not still active
  end -- for

   if warn_if_not_trusted then
     ColourNote ("yellow", "black", 
                 "Lua sandbox created, some functions disabled.")
   end -- if warn_if_not_trusted

end -- end of function MakeSandbox
- Nick Gammon

www.gammon.com.au, www.mushclient.com
Top

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.

6,243 views.

It is now over 60 days since the last post. This thread is closed.     Refresh page

Go to topic:           Search the forum

[Go to top] top

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.

Home