wateret / mengde

A turn-based RPG game engine inspired by 三國志曹操傳.
MIT License

Sandboxing Lua scripts #138

Closed wateret closed 4 years ago

wateret commented 5 years ago

Lua scripts can do almost everything to our running environment. But this could be vulnerable, so we need to limit features that are not necessary for scenario scripts and may be harmful, e.g. access to the file system.

Currently I am not 100% sure on this concept and what features to prohibit.

References for studying "Sandboxes"

http://lua-users.org/wiki/LuaSecurity
http://lua-users.org/wiki/SandBoxes
https://en.wikipedia.org/wiki/Sandbox_(computer_security)
https://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox

Features to prohibit

...

wateret commented 5 years ago

https://sol2.readthedocs.io/en/latest/api/state.html#state-script-function

wateret commented 4 years ago

Do we need to use sol::environment? -> I don't see the reason for now.

I am not sure about this, but the strategy for now is to unset UNSAFE functions that are loaded by open_libraries().
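The strategy from the last comment, sketched as an added example that is not part of the issue thread or the project's code: a Lua chunk meant to run once after the standard libraries are opened and before any scenario script is loaded. The `UNSAFE` denylist, the helper names and the sample scenario are assumptions chosen for illustration around the file-system concern raised above; the thread leaves its own list undecided.

```lua
-- Illustrative denylist (an assumption, not the project's decided list).
-- Entries are either a bare global name or "library.field".
local UNSAFE = {
  "io", "package", "require", "dofile", "loadfile", "debug",
  "os.execute", "os.remove", "os.rename", "os.tmpname", "os.exit", "os.getenv",
}

-- Split "os.execute" into ("os", "execute"); a bare name yields nil.
local function split(name)
  return name:match("^(%w+)%.(%w+)$")
end

-- Remove every denylisted name from the given globals table.
local function unset_unsafe(globals)
  for _, name in ipairs(UNSAFE) do
    local lib, field = split(name)
    if lib then
      if type(globals[lib]) == "table" then globals[lib][field] = nil end
    else
      globals[name] = nil
    end
  end
end

-- Return the denylisted names that are still reachable (expected: none).
local function still_reachable(globals)
  local found = {}
  for _, name in ipairs(UNSAFE) do
    local lib, field = split(name)
    local value = globals[name]
    if lib then
      value = type(globals[lib]) == "table" and globals[lib][field] or nil
    end
    if value ~= nil then found[#found + 1] = name end
  end
  return found
end

unset_unsafe(_G)
assert(#still_reachable(_G) == 0, "denylisted name still reachable")

-- Constructed scenario script: file access fails, harmless features still work.
local scenario = [[
  local opened = pcall(function() return io.open("save.dat", "w") end)
  return opened, type(os.time()), string.format("%d", 42)
]]
local chunk = (loadstring or load)(scenario)  -- loadstring on 5.1, load on 5.2+
print(chunk())  -- opened is false: io no longer exists inside the state
```

A denylist only covers the names it lists, so `still_reachable` should be re-run whenever the set of opened libraries changes.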