
bug1002272:

The nullification of potentially unsafe (from a security standpoint) functions was moved from box.lua
to a separate function, which is called after init.lua. This allows init.lua to call require,
os.execute, and other unsafe functions.
1 parent bceca39 commit 2641179df7e60359461a9423b7fb300ad5855453 Konstantin Shulgin committed May 21, 2012
Showing with 41 additions and 9 deletions.
  1. +10 −1 include/tarantool_lua.h
  2. +0 −8 mod/box/box.lua
  3. +4 −0 src/tarantool.m
  4. +19 −0 src/tarantool_lua.m
  5. BIN test/box/lua.result
  6. +7 −0 test/box/lua.test
  7. +1 −0 test/box/test_init.lua
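--- a/include/tarantool_lua.h
+++ b/include/tarantool_lua.h
@@ -78,9 +78,18 @@ void tarantool_lua_load_cfg(struct lua_State *L,
 /**
 * Load and execute start-up file
 *
- * @param L is Lua State
+ * @param L is a Lua State.
 */
 void tarantool_lua_load_init_script(struct lua_State *L);
+
+/**
+ * Nullify some functions by security reasons in the Lua sate.
+ *
+ * @param L is a Lua State.
+ */
+void
+tarantool_lua_security_nullify(struct lua_State *L);
+
 void
 tarantool_lua(struct lua_State *L,
 struct tbuf *out, const char *str);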
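Review bot: The doc comment on `tarantool_lua_security_nullify` does not tell a caller which functions are removed, when the call has to happen, or what happens on failure, and it misspells "state" as "sate". The implementation in src/tarantool_lua.m panics when the Lua chunk fails and is meant to run after `tarantool_lua_load_init_script`, so the header is the place to state both. I would reword the summary to `* Remove os.execute, os.exit, os.rename, os.tmpname, os.remove and require from the Lua state.` and add a line saying it must be called after the start-up script has run and that it panics on failure.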
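--- a/mod/box/box.lua
+++ b/mod/box/box.lua
@@ -324,12 +324,4 @@ function box.on_reload_configuration()
 end
 end
--- security: nullify some of the most serious os.* holes
-os.execute = nil
-os.exit = nil
-os.rename = nil
-os.tmpname = nil
-os.remove = nil
-require = nil
-
 -- vim: set et ts=4 sts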
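--- a/src/tarantool.m
+++ b/src/tarantool.m
@@ -731,6 +731,10 @@
 * was fully initialized.
 */
 tarantool_lua_load_init_script(tarantool_L);
+ /*
+ * Nullify some functions by security reasons.
+ */
+ tarantool_lua_security_nullify(tarantool_L);
 prelease(fiber->gc_pool);
 say_crit("log level %i", cfg.log_level);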
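Review bot: The added comment above `tarantool_lua_security_nullify(tarantool_L)` does not record the ordering this call depends on: it has to come after init.lua has finished and before any client-supplied Lua can be evaluated. Neither is visible in this hunk. The loader is started with `fiber_call(loader)` in src/tarantool_lua.m, so if the start-up script can yield, the nullification may run while it is still executing. If the admin port is already accepting connections at this point, there would also be a window in which `os.execute` and `require` are still reachable. Both are worth confirming, and the invariant is worth stating, e.g. `/* Must run after init.lua completes and before any connection can evaluate Lua. */`. The enclosing function starts and ends outside the hunk.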
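--- a/src/tarantool_lua.m
+++ b/src/tarantool_lua.m
@@ -1114,6 +1114,25 @@ void tarantool_lua_load_init_script(struct lua_State *L)
 fiber_call(loader);
 }
+void
+tarantool_lua_security_nullify(struct lua_State *L)
+{
+ /*
+ * Nullify some functions by security reasons:
+ * 1. some so.* functions (like os.execute, os.exit, etc..)
+ * 2. require function (because it can provide access to ffi)
+ */
+ int result = tarantool_lua_dostring(L,
+ "os.execute = nil\n"
+ "os.exit = nil\n"
+ "os.rename = nil\n"
+ "os.tmpname = nil\n"
+ "os.remove = nil\n"
+ "require = nil\n");
+ if (result)
+ panic("can't nullify unsafe (in security mind) functions");
+}
+
 /*
 * vim: foldmethod=marker
 */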
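Review bot: Running the denylist in `tarantool_lua_security_nullify` after init.lua only clears the global names, so anything the start-up script stored before that stays callable afterwards; test/box/test_init.lua in this commit does exactly that with `floor = require("math").floor`. Modules the script loaded would presumably also remain in `package.loaded`. The six assignments do not cover other standard-library entries with comparable reach, such as `io.popen` or `package.loadlib`; whether those are removed elsewhere is not visible here. The function comment should say that init.lua is treated as trusted and that values it captures are not revoked, along the lines of `* NOTE: init.lua is trusted; references it saves before this call remain usable.` The comment also has a typo, `so.*` for `os.*`.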
BIN test/box/lua.result
Binary file not shown.
View
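--- a/test/box/lua.test
+++ b/test/box/lua.test
@@ -416,6 +416,13 @@ exec admin "lua box.select(0, 0, 2)"
 exec admin "lua box.select(0, 0, 4)"
 print """
+# Test bug #1002272
+"""
+exec admin "lua floor(0.5)"
+exec admin "lua floor(0.9)"
+exec admin "lua floor(1.1)"
+
+print """
 # clean-up after tests
 """
 server.stop()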
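Review bot: The new test block only checks that a function captured by init.lua still works; nothing asserts that the unsafe functions are actually gone once start-up has finished, which is the security property this commit moves into C. If `tarantool_lua_security_nullify` were dropped or called in the wrong place, the suite would still pass. I would add checks such as `exec admin "lua type(require)"` and `exec admin "lua type(os.execute)"`, with `nil` as the expected output in lua.result.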
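--- a/test/box/test_init.lua
+++ b/test/box/test_init.lua
@@ -1,4 +1,5 @@
 -- testing start-up script
+floor = require("math").floor
 --
 -- Access to box.cfg from start-up script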
