Creating a secure Lua sandbox..?


Problem description

Right now I am doing a lot of.

local env = {
    print = print,
}

setfenv(func, env) and then using metamethods to lock properties on Instances, but it is really inefficient and has lots of bypasses. I googled it and everything I find is the same as this: unworking.

Recommended answer

In Lua 5.1, sandboxing is pretty simple. If you have a Lua script in a file somewhere, and you want to prevent it from accessing any functions or anything other than the parameters you provide, you do this:

-- Load the script via whatever means (loadfile with a placeholder path is shown here). DO NOT RUN IT YET!
local script = assert(loadfile("script.lua"))
setfenv(script, {})

script is now sandboxed. It cannot access anything other than the values you directly provide. Functions it creates cannot access anything outside of this sandbox environment. Your original global environment is completely cut off from them, except for what you permit it to access.

Obviously you can put whatever you like in that table; that table will contain whatever globally accessible stuff you like. You should probably give Lua scripts access to basic Lua standard library functions; most of those are pure functions that can't do anything unpleasant.

Here's a list of Lua standard library stuff that you must not give the user access to, if you want to maintain the integrity of your sandbox:

  • getfenv. There are valid reasons for a user to be able to setfenv, so that it can create mini-sandboxes of its own within your sandbox. But you cannot allow access to the environment of any functions you put in the sandbox if you want to maintain the integrity of the sandbox.
  • getmetatable: Same reasoning as above; setting metatables is OK. Though malicious code can break an object if it changes its metatable, malicious code can break your entire system just by doing an infinite loop.
  • The entire debug library. All manner of chicanery is possible through the debug library.

You also apparently need to solve this problem that Lua 5.1 has with loading bytecode from within a Lua script. That can be used to break the sandbox. Unfortunately, Lua 5.1 doesn't really have good tools for that. In Lua 5.2+, you can encapsulate load and loadfile, such that you internally pass "t" as the mode parameter no matter what the user provides. But with Lua 5.1, you need some way to encapsulate load et al. such that you can tell when the data is text and when it's not. You could probably find the code that Lua uses to distinguish bytecode from text by reading the Lua source.

Or you can just disallow load and its friends altogether.

If you want to prevent the user from doing ugly things to the system, then disallow the os and io libraries.
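
The pieces of the answer above, combined into one Lua 5.1 sandbox runner. This is an added example, not part of the original answer; the helper names (pick, is_bytecode, make_env, run_sandboxed) and the exact allowlist are assumptions chosen for illustration.

```lua
-- Added example for Lua 5.1. The allowlist is an assumption; adjust it for your host.
-- Copy selected fields so the script cannot modify the host's library tables.
local function pick(lib, names)
  local out = {}
  for _, name in ipairs(names) do out[name] = lib[name] end
  return out
end

local function is_bytecode(chunk)
  -- Lua treats a chunk as precompiled when its first byte is ESC ("\27Lua" header).
  return chunk:sub(1, 1) == "\27"
end

local function make_env()
  local env = {
    -- Deliberately absent, among others: getfenv, getmetatable, debug, os, io,
    -- load, loadfile, dofile, require.
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, print = print, select = select,
    setmetatable = setmetatable, tonumber = tonumber,
    tostring = tostring, type = type, unpack = unpack,
    string = pick(string, { "byte", "char", "find", "format", "gmatch", "gsub",
                            "len", "lower", "match", "rep", "sub", "upper" }),
    table = pick(table, { "concat", "insert", "remove", "sort" }),
    math = pick(math, { "abs", "ceil", "floor", "huge", "max", "min", "pi" }),
  }
  -- Text-only loadstring: rejects bytecode and pins the result to this env.
  env.loadstring = function(chunk, chunkname)
    if type(chunk) ~= "string" then return nil, "chunk must be a string" end
    if is_bytecode(chunk) then return nil, "bytecode chunks are not permitted" end
    local fn, err = loadstring(chunk, chunkname)
    if not fn then return nil, err end
    return setfenv(fn, env)
  end
  return env
end

local function run_sandboxed(source)
  if is_bytecode(source) then return false, "bytecode chunks are not permitted" end
  local script, err = loadstring(source, "=sandboxed")
  if not script then return false, err end
  setfenv(script, make_env())   -- set the environment before the first call
  return pcall(script)
end

-- Constructed sample inputs.
print(run_sandboxed("return type(os), type(io), type(debug), type(getfenv)"))
print(run_sandboxed(string.dump(function() end)))
print(run_sandboxed("return loadstring('return 1 + 1')()"))
```

String method calls still go through the shared string metatable to the host's string table, so the copied string table only limits what the global name exposes; the bytecode check in the loadstring wrapper is what keeps string.dump output from being loaded.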
