## lovejail : a safe environment

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### lovejail : a safe environment

This is a alpha version of my love jail.

I built a lib for setup a lua 5.1 secured environment named jail. It's far to be finish but it's already disable some dangerous functions.

How it run ?

I'm setup a short main.lua :

Code: Select all

BASEDIR="jailpack/" -- the directory where safeload.lua and lib/ are.

The game.lua is the usual main.lua.

How to check a game in the jail ?

- Make a copy of your game directory (just for backup)
- copy the jailpack directory in your game directory (near your main.lua)
- Rename your main.lua to game.lua
- Copy the jailpack/main.lua to main.lua
- Test it !

What is done ? What is still to do ?

In summary :
- math, string, table are allowed, no filter.
- os, io, package are filtred
- love table are not filtered for now, will be.
- file, coroutine, debug are disabled
For details see directly the lib/luajail.lua.

The love restriction is in lib/lovejail.lua

Changes log

0.1.0 - first alpha release
0.2.0 - allow to use require() properly (major bug fixed)
0.3.0 - full support of modules, allow to configure hybrid module loads

lovejail-0.3.0-20110504.love
v0.3.0 require() module() fully supported, outside module loads filtered
lovejail-0.2.0-20110430.love
v0.2.0 require() fixed
lovejail-0.1.0-20110429.love
v0.1.0 initial release
Last edited by TsT on Thu May 05, 2011 5:57 pm, edited 4 times in total.
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands
Contact:

### Re: jailed environment

TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### Re: jailed environment

I have quickly take a look. (got problem to compile it )
I have seen the source, the approach seems different, SElove remove some functions from the global env.
My way is to keep the current global env and provide a safe env.

But I found known problem : the dofile, require (and module) register global objects into the global env.
Then when you load a file this global functions exists outside the jail...
It seems really harder than what I thought but I will found a solution!

Regards,
PS: Now I'm going to bed
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
BlackBulletIV
Inner party member
Posts: 1261
Joined: Wed Dec 29, 2010 8:19 pm
Location: Queensland, Australia
Contact:

### Re: jailed environment

Yeah SELOVE is the thing when it comes to sandboxing. Also, for your information, bartbes used the name "Jail" on a library of his.
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands
Contact:

### Re: jailed environment

TsT wrote:got problem to compile it
Oy. I should fix that.

It's a bit out of date anyways, I've not yet merged LÖVE 0.7.2 or the minor branch. I'm planning to hold another cracking challenge before I release SELÖVE 0.8.0, by the way.
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### Re: jailed environment

BlackBulletIV wrote:Yeah SELOVE is the thing when it comes to sandboxing. Also, for your information, bartbes used the name "Jail" on a library of his.
Thanks for the information, but I'm not using the jail.lua in my files, I'm using name like luajail.lua and lovejail.lua and loading directly with love.filesysten.load.
I'm using a variable named jail but only in local space (exported to the global space inside the module variable named luajail or lovejail).

Robin wrote:Oy. I should fix that.

It's a bit out of date anyways, I've not yet merged LÖVE 0.7.2 or the minor branch. I'm planning to hold another cracking challenge before I release SELÖVE 0.8.0, by the way.
I like SELÖVE because I can see and discover how other people (you) have done. It's not important for me to not be able to test SELÖVE, I saw the source diff, it's enough

Regards,
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### Re: jailed environment

I'm happy to release the 2nd alpha version.
I worked hard on the require() problem... and found solution to make my own require that is using loadfile() and setfenv() for the lua module and load C library with the out-of-jail require().
Now the jail is able to load a file that is change things in global environment, the changes are really made in the global jailed environment not the out-of-jail one.

Next step, be able to choose what module will be allowed or deny.
Allow "socket" and deny "lfs" for example.

Don't hesitate to check your own game in the jail. and report if you got problem. Thanks !

I simplify the way to setup as simple as possible!

Regards,
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### Re: lovejail : a jailed environment

The require and module support was fully recoded.
inside the jail you are allowed to load lua files with require (or love functions).
If you can configure to allow or deny loading of C library with require() call.
For example, require("socket") inside the jail will load socket (and socket.core) ouside-the-jail environment, and register the socket object into the jail package system, and finally return the socket object inside the jail.

I planned to allow to build interface for this king of cases.

I check the jail with :
- OK konami code
- OK contraption
- OK eternity
- OK lfxr (with coroutine access)

to be continue...
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

### Lua and security is so simple !

Hello,

The love Thread is running in global environment. Hard or impossible to catch calls to apply the jail.
I decide to fully change my way to do.

Just a small summary of my story :
- I had discover the "setfenv" function and thought "I can build a new environment and apply it to the main function, it's so easy !"
- I run it and discover, in lua 5.1 the environment of the "require", "module" and "dofile" functions is the global one, and can not be changed with setfenv.
- I have (with help of luacompat source code) rebuilt/emulated in lua the require, module, dofile functions (also package/modules management).
- I'm also build a hybrid "require" function to choose if we want load a module inside or outside the jail.
- I thought "now it's finished I just need to work on the love functions!"
- I have discover 2 problem, one is the getmetatable("") always return the metatable of the string data (shared between everywhere). It's impossible to force the use of another metatable when you call "mystring":xxx(). So, it's easy to function environment with setfenv, but there is nothing equal for metatable/metafunctions attached to data type.
- I see the love thread can not be catch and always got access to the original and unsecured global environment.
- I decide to do a break.
- I will doing again from scratch with another approach, move every unsecured functions in a local/private part, disable every dangerous things in global environment (almost like SELOVE do)

Oh I like LÖVE and LUA ...

Have fun !
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)

### Who is online

Users browsing this forum: Bing [Bot] and 7 guests