From 081a5313da514ae023a91f325f4823e2deab4f72 Mon Sep 17 00:00:00 2001
From: Nick Gammon
Date: Sun, 5 Sep 2010 07:36:50 +1000
Subject: [PATCH] Added module sandbox.lua
---
 install/mushclient.nsi | 2 +
 lua/sandbox.lua | 161 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 lua/sandbox.lua
diff --git a/install/mushclient.nsi b/install/mushclient.nsi
index 19c0c545..381a0715 100644
--- a/install/mushclient.nsi
+++ b/install/mushclient.nsi
@@ -345,6 +345,7 @@ SetOverwrite ifnewer
 File "..\lua\ppi.lua"
 File "..\lua\mapper.lua"
 File "..\luacom\luacom5.lua"
+ File "..\lua\sandbox.lua"
 ; LuaSocket
@@ -557,6 +558,7 @@ Section Uninstall
 Delete "$INSTDIR\lua\ppi.lua"
 Delete "$INSTDIR\lua\mapper.lua"
 Delete "$INSTDIR\lua\luacom5.lua"
+ Delete "$INSTDIR\lua\sandbox.lua"
 Delete "$INSTDIR\lua\socket.lua"
 Delete "$INSTDIR\lua\ltn12.lua"
diff --git a/lua/sandbox.lua b/lua/sandbox.lua
new file mode 100644
index 00000000..d8264f24
--- /dev/null
+++ b/lua/sandbox.lua
@@ -0,0 +1,161 @@
+-- MUSHclient sandbox (taken from versions 4.11 to 4.57)
+
+--[[
+
+To enable the sandbox for all Lua scripting add to:
+
+ File menu -> Global Preferences -> Lua -> Preliminary Code
+
+ ... this line:
+
+require "sandbox"
+
+See: http://mushclient.com/security
+
+Note that this sandbox only affects Lua, not other scripting languages.
+
+--]]
+
+
+trust_all_worlds = false -- change to true to trust all the worlds
+trust_all_plugins = false -- change to true to trust all the plugins
+warn_if_not_trusted = false -- change to true to show warnings
+
+--[[
+
+-- Lua initialization (sandbox) --> please read comments carefully.
+
+Use this to create a "sandbox" for safe execution of non-trusted scripts.
+
+If you only run your own scripts or plugins then you may not need this.
+
+The code in this area is executed after each Lua script space is created
+but before any of your scripts are done. This can be used to initialise things
+(eg. load DLLs, load files, set up variables) or to disable things as shown below.
+
+By setting a function name to nil you effectively make it unavailable.
+
+You can remove some functions from a library rather than all of them, eg.
+
+ os.execute = nil -- no operating system calls
+ os.remove = nil -- no deleting files
+ os.rename = nil -- no renaming files
+
+This script will automatically be replaced if you completely delete it from
+the Global Preferences, and restart MUSHclient. To avoid this, leave a comment
+in (if you don't want any further action taken).
+
+--]]
+
+-- Example sandbox --
+
+function MakeSandbox ()
+
+ local function ReportDisabled (pkg, func)
+ return function ()
+ error (string.format (
+ "Function '%s.%s' disabled in Lua sandbox - see MUSHclient global preferences",
+ pkg, func), 2)
+ end -- function
+ end -- ReportDisabled
+
+ package.loadlib = ReportDisabled ("package", "loadlib") -- disable loadlib function
+ package.loaders [3] = nil -- disable DLL loader
+ package.loaders [4] = nil -- disable all-in-one loader
+
+ for k, v in pairs (io) do
+ if type (v) == "function" then
+ io [k] = ReportDisabled ("io", k)
+ end -- type is function
+ end -- for
+
+ local orig_os = os -- so we know names of disabled ones
+
+ -- replace 'os' table with one containing only safe functions
+ os = {
+ date = os.date,
+ time = os.time,
+ setlocale = os.setlocale,
+ clock = os.clock,
+ difftime = os.difftime,
+ }
+
+ for k, v in pairs (orig_os) do
+ if not os [k] and type (v) == "function" then
+ os [k] = ReportDisabled ("os", k)
+ end -- not still active
+ end -- for
+
+ if warn_if_not_trusted then
+ ColourNote ("yellow", "black",
+ "Lua sandbox created, some functions disabled.")
+ end -- if warn_if_not_trusted
+
+end -- end of function MakeSandbox
+
+
+-- default is to sandbox everything --
+
+-- To trust individual worlds or plugins, add them to the lists below.
+
+-- To find your current world ID, do this: /print (GetWorldID ())
+-- Plugin IDs are mentioned near the start of every plugin.
+
+-- You can limit the behaviour to specific worlds, or specific plugins
+-- by doing something like this:
+
+do
+
+ -- World IDs of worlds we trust - replace with your world IDs
+ -- (and remove comment from start of line)
+
+ local trusted_worlds = {
+ -- ["a4a1cc1801787ba88cd84f3a"] = true, -- example world A
+ -- ["cdc8552d1b251e449b874b9a"] = true, -- example world B
+ -- ["1ec5aac3265e472b97f0c103"] = true, -- example world C
+ } -- end of trusted_worlds
+
+ -- Plugin IDs of plugins we trust - add your plugins to the table
+
+ local trusted_plugins = {
+ [""] = "", -- trust main script (ie. if no plugin running)
+ ["03ca99c4e98d2a3e6d655c7d"] = "Chat",
+ ["982581e59ab42844527eec80"] = "Random_Socials",
+ ["4a267cd69ba59b5ecefe42d8"] = "Installer_sumcheck",
+ ["83beba4e37b3d0e7f63cedbc"] = "Reconnecter",
+ } -- end of trusted_plugins
+
+
+ -- check worlds
+ if not trust_all_worlds then
+ if not trusted_worlds [GetWorldID ()] then
+ if warn_if_not_trusted then
+ ColourNote ("yellow", "black", "Untrusted world " .. WorldName () ..
+ ", ID: " .. GetWorldID ())
+ end -- if warn_if_not_trusted
+ MakeSandbox ()
+ end -- not trusted world or plugin
+ end -- not trusting all worlds
+
+ -- check plugins - check name *and* plugin ID
+ if not trust_all_plugins then
+ if trusted_plugins [GetPluginID ()] ~= GetPluginName () then
+ if warn_if_not_trusted then
+ ColourNote ("yellow", "black", "Untrusted plugin " .. GetPluginName () ..
+ ", ID: " .. GetPluginID ())
+ end -- if warn_if_not_trusted
+ MakeSandbox ()
+ end -- not trusted world or plugin
+ end -- if not trusting all plugins
+
+end -- local block
+
+-- warn if we can't load DLLs (checkbox might be unchecked)
+if not package.loadlib and warn_if_not_trusted then
+ local by_this_plugin = ""
+ if GetPluginID () ~= "" then
+ by_this_plugin = " by this plugin"
+ end -- this is a plugin
+ ColourNote ("yellow", "black",
+ "Loading of DLLs" .. by_this_plugin .. " is disabled.")
+end -- if
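Review bot: In MakeSandbox, `os = { ... }` only rebinds the global name; the original library table kept in `orig_os` is never modified, so the functions the sandbox withholds stay reachable through any other reference to that table, and in stock Lua 5.1 the module cache entry `package.loaded.os` is such a reference (assuming the host opens the standard libraries in the usual way). The `io` loop does not have this gap because it overwrites the entries of the shared table in place. After the loop that fills in the stubs, add `package.loaded.os = os  -- keep the module cache on the filtered table`, or strip `orig_os` in place the way `io` is handled. Separately, the `trusted_plugins` comparison relies on the ID and name a plugin states about itself, so a comment above the four pre-listed entries should say that they identify a plugin rather than authenticate it.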