From a794d3581e2507590f73071fdc4704a1e57078d3 Mon Sep 17 00:00:00 2001
From: Roman Tsisyk <roman@tsisyk.com>
Date: Thu, 17 Oct 2013 10:10:18 +0400
Subject: [PATCH] Fix #68: 'package' module should be disable in the sandbox
---
src/lua/init.cc | 6 +++++-
test/box/configuration.result | 4 ++--
test/box/configuration.test | 4 ++--
test/box/lua_sandbox.result | 36 +++++++++++++++++++++++++++++++++++
test/box/lua_sandbox.test | 15 +++++++++++++++
test/box/require_init.lua | 2 ++
6 files changed, 62 insertions(+), 5 deletions(-)
create mode 100644 test/box/lua_sandbox.result
create mode 100644 test/box/lua_sandbox.test
diff --git a/src/lua/init.cc b/src/lua/init.cc
index fb4961d37a..743f682681 100644
--- a/src/lua/init.cc
+++ b/src/lua/init.cc
@@ -1560,6 +1560,8 @@ tarantool_lua_sandbox(struct lua_State *L)
* 1. Some os.* functions (like os.execute, os.exit, etc..)
* 2. require(), since it can be used to provide access to ffi
* or anything else we unset in 1.
+ * 3. package, because it can be used to invoke require or to get
+ * any builtin module using package.loaded
*/
int result = tarantool_lua_dostring(L,
"os.execute = nil\n"
@@ -1568,7 +1570,9 @@ tarantool_lua_sandbox(struct lua_State *L)
"os.tmpname = nil\n"
"os.remove = nil\n"
"io = nil\n"
- "require = nil\n");
+ "require = nil\n"
+ "package = nil\n");
+
if (result)
panic("%s", lua_tostring(L, -1));
}
diff --git a/test/box/configuration.result b/test/box/configuration.result
index eab2d38d46..4503edd79d 100644
--- a/test/box/configuration.result
+++ b/test/box/configuration.result
@@ -249,11 +249,11 @@ readahead = 16320
slab_alloc_arena = 0.1
wal_dir_rescan_delay = 0.1
...
-lua string.gmatch(package.path, '([^;]*)')()
+lua string.gmatch(package_path, '([^;]*)')()
---
- script_dir/?.lua
...
-lua string.gmatch(package.cpath, '([^;]*)')()
+lua string.gmatch(package_cpath, '([^;]*)')()
---
- script_dir/?.so
...
diff --git a/test/box/configuration.test b/test/box/configuration.test
index e97763f593..b566ea6fb6 100644
--- a/test/box/configuration.test
+++ b/test/box/configuration.test
@@ -80,8 +80,8 @@ server.stop()
shutil.copy("box/require_init.lua", os.path.join(script_dir_path, "init.lua"))
shutil.copy("box/require_mod.lua", os.path.join(script_dir_path, "mod.lua"))
server.deploy("box/tarantool_scriptdir.cfg")
-exec admin "lua string.gmatch(package.path, '([^;]*)')()"
-exec admin "lua string.gmatch(package.cpath, '([^;]*)')()"
+exec admin "lua string.gmatch(package_path, '([^;]*)')()"
+exec admin "lua string.gmatch(package_cpath, '([^;]*)')()"
exec admin "lua mod.test(10, 15)"
# restore default server
diff --git a/test/box/lua_sandbox.result b/test/box/lua_sandbox.result
new file mode 100644
index 0000000000..895b0c9eb9
--- /dev/null
+++ b/test/box/lua_sandbox.result
@@ -0,0 +1,36 @@
+lua os.execute
+---
+ - nil
+...
+lua os.exit
+---
+ - nil
+...
+lua os.rename
+---
+ - nil
+...
+lua os.tmpname
+---
+ - nil
+...
+lua os.remove
+---
+ - nil
+...
+lua io
+---
+ - nil
+...
+lua require
+---
+ - nil
+...
+lua package
+---
+ - nil
+...
+lua ffi
+---
+ - nil
+...
diff --git a/test/box/lua_sandbox.test b/test/box/lua_sandbox.test
new file mode 100644
index 0000000000..58251fa296
--- /dev/null
+++ b/test/box/lua_sandbox.test
@@ -0,0 +1,15 @@
+# encoding: tarantool
+
+#
+# Test that some built-in functions were disabled by sandbox
+#
+exec admin "lua os.execute"
+exec admin "lua os.exit"
+exec admin "lua os.rename"
+exec admin "lua os.tmpname"
+exec admin "lua os.remove"
+exec admin "lua io"
+exec admin "lua require"
+exec admin "lua package"
+# FFI can be mistakenly saved to the global variable by the one of our modules
+exec admin "lua ffi"
diff --git a/test/box/require_init.lua b/test/box/require_init.lua
index 51e05ffcb3..e6f1e2aa10 100644
--- a/test/box/require_init.lua
+++ b/test/box/require_init.lua
@@ -1 +1,3 @@
mod = require("mod")
+package_path = package.path
+package_cpath = package.cpath
\ No newline at end of file
--
GitLab