Creating a secure Lua sandbox..?

Question

Right now I am doing a lot of.

local env = {
    print = print,
}

setfenv(func, env) and then using metamethods to lock properties on Instances, but it is really inefficient and has lots of bypasses. I googled it and everything I find is the same as this: unworking.

Recommended answer

In Lua 5.1, sandboxing is pretty simple. If you have a Lua script in a file somewhere, and you want to prevent it from accessing any functions or anything other than the parameters you provide, you do this:

local script = assert(loadfile("script.lua")) -- Load the script via whatever means (the file name is a placeholder). DO NOT RUN IT YET!
setfenv(script, {})

script is now sandboxed. It cannot access anything other than the values you directly provide. Functions it creates cannot access anything outside of this sandbox environment. Your original global environment is completely cut off from them, except for what you permit it to access.

Obviously you can put whatever you like in that table; that table will contain whatever globally accessible stuff you like. You should probably give Lua scripts access to basic Lua standard library functions; most of those are pure functions that can't do anything unpleasant.

Here's a list of Lua standard library stuff that you must not give the user access to, if you want to maintain the integrity of your sandbox:

  • getfenv. There are valid reasons for a user to be able to setfenv, so that it can create mini-sandboxes of its own within your sandbox. But you cannot allow access to the environment of any functions you put in the sandbox if you want to maintain the integrity of the sandbox.
  • getmetatable: Same reasoning as above; setting metatables is OK. Though malicious code can break an object if they change its metatable, but malicious code can break your entire system just by doing an infinite loop.
  • The entire debug library. All manner of chicanery is possible through the debug library.

You also apparently need to solve this problem that Lua 5.1 has with loading bytecode from within a Lua script. That can be used to break the sandbox. Unfortunately, Lua 5.1 doesn't really have good tools for that. In Lua 5.2+, you can encapsulate load and loadfile, such that you internally pass "t" as the mode parameter no matter what the user provides. But with Lua 5.1, you need some way to encapsulate load et al. such that you can tell when the data is text and when it's not. You could probably find the code that Lua uses to distinguish bytecode from text by reading the Lua source.

Or you can just disallow load and its friends altogether.

If you want to prevent the user from doing ugly things to the system, then disallow the os and io libraries.
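
A whitelist sandbox for Lua 5.1 along the lines of the answer above, as an added example that is not part of the original answer: the environment leaves out getfenv, getmetatable, debug, the load family, os and io, and the loader refuses bytecode by checking for the ESC byte that begins Lua 5.1's precompiled-chunk signature. The names make_env and load_sandboxed and the sample scripts are hypothetical.

```lua
-- Added example for Lua 5.1; it relies on setfenv, which exists only in 5.1.
-- make_env and load_sandboxed are hypothetical names, not a library API.

local function copy(t)  -- shallow copy, so scripts cannot edit the host's tables
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Whitelist environment. Deliberately absent: getfenv, getmetatable, debug,
-- load, loadstring, loadfile, dofile, require, os, io.
local function make_env()
  local env = {
    print = print, type = type, tostring = tostring, tonumber = tonumber,
    pairs = pairs, ipairs = ipairs, next = next, select = select,
    unpack = unpack, pcall = pcall, error = error, assert = assert,
    setmetatable = setmetatable,
    string = copy(string), table = copy(table), math = copy(math),
  }
  env._G = env  -- the script's _G is the sandbox table, not the host's
  return env
end

-- Compile untrusted source as text only. Lua 5.1 treats a chunk whose first
-- byte is ESC (0x1B, the start of the "\27Lua" signature) as bytecode.
local function load_sandboxed(source, chunkname)
  if type(source) ~= "string" then return nil, "source must be a string" end
  if source:byte(1) == 27 then return nil, "bytecode chunks are not allowed" end
  local fn, err = loadstring(source, chunkname or "=sandbox")
  if not fn then return nil, err end
  return setfenv(fn, make_env())  -- environment is set before the first call
end

-- Constructed sample scripts: two text chunks and one bytecode chunk.
local samples = {
  "return type(os), type(io), type(debug), type(getfenv), type(loadstring)",
  "return math.max(1, 2) + #string.rep('a', 3)",
  string.dump(function() return os end),
}
for i, src in ipairs(samples) do
  local fn, err = load_sandboxed(src, "=sample" .. i)
  if fn then print(i, pcall(fn)) else print(i, "rejected: " .. err) end
end
```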
