Sandbox subverting via global environment manipulation (ineffective whitelisting) #2854
[re-posting via github after private reporting, as agreed with antirez]
It is general LUA wisdom that sandboxing would be better implemented by explicitly whitelisting just things that should be exposed, instead of blacklisting some functions/tables as redis is currently doing.
From a quick glance, there are several functions exposed by redis (in both 2.8 and 3.0 branches) which look dangerous. For example, all of the following ones look unneeded in redis:
There are probably some more, and some can get added/removed as LUA evolves. The key point is that lua internals should probably be all hidden by default, and only needed functions picked and re-exported.
For example, the whole "strict lua" in
Another example is internal de-synchronization reported in #2853, resulting in remote crash due to assertion hitting.
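The allowlisting approach the report argues for, as an added example that is not part of the original issue and not Redis code. It targets Lua 5.1 (the version Redis embeds); the `ALLOWED` and `ALLOWED_LIBS` lists and the `run_sandboxed` helper are illustrative assumptions, not a vetted set for Redis.

```lua
-- Added example, not Redis code. Lua 5.1 (loadstring/setfenv).
-- The allowlists below are illustrative assumptions, not a reviewed set.
local ALLOWED = {
  "assert", "error", "ipairs", "next", "pairs", "pcall",
  "select", "tonumber", "tostring", "type", "unpack",
}
local ALLOWED_LIBS = {
  string = { "byte", "char", "find", "format", "len", "lower", "sub", "upper" },
  table  = { "concat", "insert", "remove", "sort" },
  math   = { "abs", "floor", "max", "min" },
}

-- Build a fresh environment holding only the explicitly listed names.
-- Everything else in _G is hidden by default, including anything a
-- future Lua version or host application adds later.
local function make_env()
  local env = {}
  for _, name in ipairs(ALLOWED) do env[name] = _G[name] end
  for lib, names in pairs(ALLOWED_LIBS) do
    local copy = {}
    for _, name in ipairs(names) do copy[name] = _G[lib][name] end
    env[lib] = copy  -- a copy, so a script cannot alter the host's library table
  end
  return env
end

-- Compile untrusted source and run it against the allowlisted environment.
local function run_sandboxed(src)
  local chunk, err = loadstring(src, "=user_script")
  if not chunk then return false, err end
  setfenv(chunk, make_env())  -- global lookups in the chunk now resolve in env only
  return pcall(chunk)
end

-- Constructed sample scripts.
-- An allowlisted function works as usual:
print(run_sandboxed("return string.upper('ok')"))
-- Names that were never re-exported are simply absent (type is "nil"):
print(run_sandboxed("return type(_G), type(setfenv), type(getmetatable)"))
-- Writes land in the per-run copy, not in the host's global tables:
print(run_sandboxed("string.upper = nil; x = 1"))
print(type(string.upper), type(x))
```

Method calls on string values still resolve through the shared string metatable to the host's real `string` table, so that table needs the same review as the environment itself.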