Lua Sandbox with special functions which leak
Problem description
I am trying to use How can I create a secure Lua sandbox? to build my own leaky sandbox.
I am trying to create a Lua sandbox where some Lua functions can access some other Lua functions outside the sandbox. For example, I want my sandbox to have a special "display" function which can call "print" but not have "print" in the sandbox too.
The main problem is that I am trying to build a sandbox within an already large codebase, so I cannot nil away functions.
How is this possible?
The solution has to be a pure Lua function due to no fault of mine.
Recommended answer
When you create a sandbox, you do it by cherry picking functions and values from a larger environment to create a new sandbox environment. You do not need to destroy or "nil out" anything in the original environment.
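- Create the sandbox environment by cherry picking functions and values
- Load the script (this compiles it and returns it as a callable function)
- Set the environment of the script to the sandbox environment
- Execute the script within the sandbox
So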
local script = loadstring "display(math.log(2, 3))"
local env = {display = print, math = math, string = string}
setfenv(script, env)
pcall(script)
prints
0.69314718055995
while
local script = loadstring "print(math.log(2, 3))"
local env = {display = print, math = math, string = string}
setfenv(script, env)
print(pcall(script))  -- print pcall's results so the failure below is visible
fails with
false [string "print(math.log(2, 3))"]:1: attempt to call global 'print' (a nil value)
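The four steps above as one helper, written as an added example that is not part of the original answer: it gives the script copies of `math` and `string` (the answer's `env` shares the host's real tables, so a script could overwrite `math.log` for everyone) and works on both Lua 5.1 (`setfenv`) and 5.2+ (`load` with an environment). The names `shallow_copy`, `make_env` and `run_sandboxed` are hypothetical.

```lua
-- Added example; helper names are hypothetical, not from the original answer.

-- Copy a library table so writes from the script stay inside the sandbox.
local function shallow_copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

local function make_env()
  local real_print = print            -- captured as an upvalue, never a global
  return {
    -- The "leaky" function: it can reach print, the script cannot.
    -- The wrapper is also the place to filter or log what gets displayed.
    display = function(...) real_print(...) end,
    math    = shallow_copy(math),
    string  = shallow_copy(string),
  }
end

local function run_sandboxed(code)
  local env = make_env()
  local chunk, err
  if setfenv then                     -- Lua 5.1 / LuaJIT
    -- loadstring also accepts precompiled bytecode; refuse it.
    if code:byte(1) == 27 then return false, "bytecode not allowed" end
    chunk, err = loadstring(code, "sandbox")
    if chunk then setfenv(chunk, env) end
  else                                -- Lua 5.2 and later
    chunk, err = load(code, "sandbox", "t", env)  -- "t" = text chunks only
  end
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Allowed: display is in the environment.
print(run_sandboxed("display(math.log(2))"))
-- Refused: print is not in the environment, so the call fails inside pcall.
print(run_sandboxed("print(math.log(2))"))
-- The script can damage only its own copy of math.
print(run_sandboxed("math.log = nil"))
assert(type(math.log) == "function", "host math table must be untouched")
```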