Lua Sandbox has special features of leakage

I am trying to use How can I create a secure Lua sandbox? to build my own vulnerability sandbox.

I am trying to create a Lua sandbox Box, some of the Lua functions can access some other Lua functions outside the sandbox. For example, I want my sandbox to have a special “display” function that can call “print” but there is no “print” in the sandbox.

The main problem is that I am trying to build a sandbox in an already large code base, so I cannot ignore the functionality.

How is this possible?

Since there is no fault of mine, the solution must be a pure Lua function.

When creating a sandbox, you can create a new sandbox environment by picking functions and values ​​from a larger environment. You don’t need to destroy or “delete” anything in the original environment.

< p>>Create a sandbox environment through the cherry pick function and values
>Load the script (compile it and return it as a function)
>Set the script environment to the sandbox environment
>Execute in the sandbox Script

So,

local script = loadstring "display(math.log(2, 3))"
local env = {display = print, math = math, string = string)
setfenv(script, env)
pcall(script)

Printing

0.69314718055995

and

local script = loadstring "print(math.log(2, 3))"
local env = {display = print, math = math, string = string)
setfenv(script, env)
pcall(script)

Failed

< pre>false [string “print(math.log(2, 3))”]:1: attempt to call global’print’ (a nil value)

Me I am trying to use How can I create a secure Lua sandbox? to build my own vulnerability sandbox.

I am trying to create a Lua sandbox, some of which can access Lua functions outside the sandbox Some other Lua functions. For example, I want my sandbox to have a special “display” function that can call “print” but there is no “print” in the sandbox.

The main problem is that I am Try already A sandbox is built in a large code base, so I can’t ignore the functionality.

How is this possible?

Since there is no fault of mine, the solution must be a pure Lua function.

When creating a sandbox, you can Select functions and values ​​from the environment to create a new sandbox environment. You don’t need to destroy or “delete” anything in the original environment.

>Create a sandbox with cherry pick functions and values Environment
>Load the script (compile it and return it as a function)
>Set the script environment to the sandbox environment
>Execute the script in the sandbox

So,

local script = loadstring "display(math.log(2, 3))"
local env = {display = print, math = math, string = string}< br />setfenv(script, env)
pcall(script)

Printing

0.69314718055995

and p>

local script = loadstring "print(math.log(2, 3))"
local env = {display = print, math = math, string = string}< br />setfenv(script, env)
pcall(script)

Failed

false [string "print(math.log( 2, 3))"]:1: attempt to call global'print' (a nil value)

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 3198 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.