Follow-up Comment #6, bug #15624 (project freeciv):
I agree that the security issue is very important. The caveat is that just
because we think it works doesn't mean that it does, security is hard,
especially with a runtime that we don't know so well :-)
Luckily, the lua runtime is very small. We can investigate not even loading
the os and io libraries, however that adds more code (and can only be done
with lua calls, not C calls in 5.1?).
What is important now is that all script code is executed inside our setfenv
environment, and that none of the remaining functions can give the script
access to the outside global environment (like getfenv, load, require, module
etc could do).
I have not investigated if there are any holes in tolua. The tolua module
(providing tolua.type that we need inside the restricted environment) has
also not been investigated.
Notice that we may replace all modules (string, table, math, coroutine
(should it be included?) and tolua) by tables that contain just the functions
we want, if we need to block out any of them.
Reply to this item at:
Meddelandet skickades via/av Gna!
Freeciv-dev mailing list