Lua沙盒具有泄漏的特殊功能 [英] Lua Sandbox with special functions which leak

问题描述

我正在尝试使用如何创建安全的Lua沙箱?来建立我自己的泄漏沙箱.

I am trying to use How can I create a secure Lua sandbox? to build my own leaky sandbox.

我正在尝试创建一个Lua沙箱，其中一些Lua函数可以访问沙箱外部的其他Lua函数.例如，我希望沙箱具有一个特殊的显示"功能，该功能可以调用打印"，但沙箱中也不要具有打印".

I am trying to create a Lua sandbox where some Lua functions can access some other Lua functions outside the sandbox. For example I want my sandbox to have a special "display" function which can call "print" but not have "print" in the sandbox too.

主要问题是我试图在一个已经很大的代码库中构建一个沙箱，所以我不能放弃功能.

The main problem is that I am trying to build a sandbox within an already large codebase, so I cannot nil away functions.

这怎么可能?

该解决方案必须是纯Lua函数，因为我没有任何过错.

The solution has to be a pure Lua function due to no fault of mine.

推荐答案

创建沙箱时，可以通过从较大环境中挑选功能和值来创建新的沙箱环境.您无需破坏或淘汰"原始环境中的任何东西.

When you create a sandbox, you do it by cherry picking functions and values from a larger environment to create a new sandbox environment. You do not need to destroy or "nil out" anything in the original environment.

1. 通过挑选功能和值创建沙箱环境
2. 加载脚本(将其编译并作为调用函数返回)
3. 将脚本的环境设置为沙盒环境
4. 在沙箱中执行脚本

所以

local script = loadstring "display(math.log(2, 3))"
local env = {display = print, math = math, string = string}
setfenv(script, env)
pcall(script)

打印

0.69314718055995

而

local script = loadstring "print(math.log(2, 3))"
local env = {display = print, math = math, string = string}
setfenv(script, env)
pcall(script)

失败

false   [string "print(math.log(2, 3))"]:1: attempt to call global 'print' (a nil value)

这篇关于Lua沙盒具有泄漏的特殊功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！