From 2247b7712651bb042c5b4ad23db99dd821092b9d Mon Sep 17 00:00:00 2001 From: helixhorned Date: Tue, 11 Oct 2011 16:53:15 +0000 Subject: [PATCH] lunatic: more sandboxing mechanisms, makefile lines for OSX git-svn-id: https://svn.eduke32.com/eduke32@2074 1a8010ca-5511-0410-912e-c29ae57300e0 --- polymer/eduke32/Makefile | 16 ++++- polymer/eduke32/source/lunatic/defs.ilua | 82 ++++++++++++++++++++--- polymer/eduke32/source/lunatic/dynsymlist | 9 ++- polymer/eduke32/source/lunatic/lunatic.c | 2 +- polymer/eduke32/source/lunatic/test.elua | 11 ++- 5 files changed, 100 insertions(+), 20 deletions(-) diff --git a/polymer/eduke32/Makefile b/polymer/eduke32/Makefile index d04d858e7..b79ea9e50 100644 --- a/polymer/eduke32/Makefile +++ b/polymer/eduke32/Makefile @@ -139,7 +139,15 @@ ifneq (0,$(LUNATIC)) OURCFLAGS+= -I/usr/local/include/luajit-2.0 -I$(SRC)/lunatic -DLUNATIC_ENABLE LIBS+= -L/usr/local/lib -lluajit-5.1 GAMEOBJS+= $(OBJ)/lunatic.$o - MISCLINKOPTS+= -Wl,--dynamic-list=$(SRC)/lunatic/dynsymlist + # strip on OSX says: removing global symbols from a final linked no longer supported. + # Use -exported_symbols_list at link time when building + # But, not doing this does not give us the symbols! wtf? + STRIP+= -s $(SRC)/lunatic/dynsymlist_osx + ifeq ($(PLATFORM),DARWIN) + MISCLINKOPTS+= -pagezero_size 10000 -image_base 100000000 #-Wl,-alias_list -Wl,$(SRC)/lunatic/aliases_list #-exported_symbols_list $(SRC)/lunatic/dynsymlist_osx + else + MISCLINKOPTS+= -Wl,--dynamic-list=$(SRC)/lunatic/dynsymlist + endif endif # PLATFORM SPECIFIC SETTINGS 
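Review bot: The added `STRIP+= -s $(SRC)/lunatic/dynsymlist_osx` sits above the `ifeq ($(PLATFORM),DARWIN)` test, so every LUNATIC build picks it up, not only OS X ones; with GNU strip, `-s` means strip-all and the list file would be taken as an input to strip. Moving that line into the DARWIN branch leaves the strip step on other platforms unchanged. The DARWIN link flags also deserve a comment, for example `# presumably required by LuaJIT on x86_64 OS X; shrinks __PAGEZERO, which weakens the low-address dereference guard`, so the next reader knows the trade-off is deliberate. The enclosing `ifneq (0,$(LUNATIC))` block starts above the hunk.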
@@ -307,6 +315,12 @@ $(OBJ)/%.$o: $(SRC)/lunatic/%.c $(COMPILE_STATUS) if $(CC) $(CFLAGS) $(OURCFLAGS) -c $< -o $@; then $(COMPILE_OK); else $(COMPILE_FAILED); fi +$(SRC)/lunatic/dynsymlist_osx: $(SRC)/lunatic/dynsymlist + sed 's/[{};]//g;s/[A-Za-z_][A-Za-z_0-9]*/_&/g' $< > $@ + +$(SRC)/lunatic/aliases_list: $(SRC)/lunatic/dynsymlist_osx + sed 's/_\([A-Za-z_][A-Za-z_0-9]*\)/_\1 \1/g' $< > $@ + $(OBJ)/%.$o: Apple/%.m $(COMPILE_STATUS) if $(CC) $(CFLAGS) $(OURCFLAGS) -c $< -o $@; then $(COMPILE_OK); else $(COMPILE_FAILED); fi diff --git a/polymer/eduke32/source/lunatic/defs.ilua b/polymer/eduke32/source/lunatic/defs.ilua index a71b3e176..80f22e473 100644 --- a/polymer/eduke32/source/lunatic/defs.ilua +++ b/polymer/eduke32/source/lunatic/defs.ilua @@ -58,7 +58,56 @@ const int16_t prevspritesect[16384], prevspritestat[16384]; const int16_t nextspritesect[16384], nextspritestat[16384]; ]] --- +---- _G tweaks -- pull in only 'safe' stuff ---- + +local G_ = {} -- our soon-to-be global environment +local oG = _G + +G_.coroutine = coroutine +G_.assert = assert +G_.tostring = tostring +G_.tonumber = tonumber +--rawget +G_.xpcall = xpcall +G_.ipairs = ipairs +G_.print = print +G_.pcall = pcall +--gcinfo --DEPRECATED +--module +--setfenv +--require +--rawset +--jit +G_.bit = bit +--package +G_.error = error +--debug +--loadfile +--rawequal +--load +G_.unpack = unpack +G_.pairs = pairs +G_.table = table +G_._VERSION = _VERSION +--newproxy --NOT STD? +--collectgarbage +--dofile +G_.next = next +G_.math = math +--loadstring +--_G +G_.select = select +G_.string = string +G_.type = type +--getmetatable +--getfenv +--setmetatable + +G_._G = G_ + +-- REMOVE this for release +DBG_ = {} +DBG_.loadstring = oG.loadstring ---- Set up restricted access to ffi.C from lunatic. ---- local ffiC = ffi.C 
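Review bot: Nothing in the visible hunks lists `$(SRC)/lunatic/dynsymlist_osx` as a prerequisite of the link or strip step, so this rule may not have run by the time `STRIP` reads the file; if the dependency is not declared elsewhere in the Makefile, add it to the target that runs strip. The first sed expression prefixes every identifier-like token with `_`, so a comment or keyword later added to `dynsymlist` would become a bogus symbol name; a line such as `# input must contain only symbol names and {};` above the rule would record that assumption. `aliases_list` is referenced only from a commented-out option in the earlier hunk, and both generated files are written into the source directory, so they may need an entry in the clean rule.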
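Review bot: `G_.string = string`, `G_.table = table`, `G_.math = math`, `G_.coroutine = coroutine` and `G_.bit = bit` give the sandbox the very same library tables the host code uses, so a script that assigns to a field such as `string.format` or `table.insert` changes it for the trusted code in this file too. Handing out shallow copies keeps the whitelist and isolates those writes; a sketch follows. String methods remain reachable through the string metatable whatever `G_.string` holds, which is worth a comment beside the whitelist. Separately, `DBG_ = {}` is created as a global and `DBG_.loadstring` gives scripts a compiler for arbitrary chunks, guarded only by a `REMOVE this for release` comment here and again at `G_.DBG_ = DBG_` in the last hunk of this file; putting both lines behind a single debug switch would be safer than relying on manual deletion.

```lua
-- give scripts private copies so their writes cannot reach the host's library tables
local function copylib(lib)
    local copy = {}
    for k, v in oG.pairs(lib) do
        copy[k] = v
    end
    return copy
end

G_.coroutine = copylib(coroutine)
G_.bit = copylib(bit)
G_.table = copylib(table)
G_.math = copylib(math)
G_.string = copylib(string)
-- … unchanged: remaining whitelist entries (assert, tostring, pairs, …) …
```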
@@ -69,7 +118,7 @@ local tmpmt = { __newindex = function() error('dummy variable: write access forbidden') end, __metatable = true -- forbid setting the metatable } -setmetatable(det, tmpmt) +oG.setmetatable(det, tmpmt) -- GLOBAL gv: provides access to C global *scalars* gv = { @@ -89,7 +138,7 @@ local tmpmt = { __newindex = function() error("cannot create new fields in 'gv'") end, __metatable = true, } -setmetatable(gv, tmpmt) +oG.setmetatable(gv, tmpmt) ---- indirect C array access ---- sector = {} @@ -102,7 +151,7 @@ local tmpmt = { __newindex = function(tab, key, val) error('cannot write to sector[] struct directly') end, __metatable = true, } -setmetatable(sector, tmpmt) +oG.setmetatable(sector, tmpmt) wall = {} local tmpmt = { @@ -114,7 +163,7 @@ local tmpmt = { __newindex = function(tab, key, val) error('cannot write to wall[] struct directly') end, __metatable = true, } -setmetatable(wall, tmpmt) +oG.setmetatable(wall, tmpmt) -- create a safe indirection for a ffi.C array local function creategtab(ctab, maxidx, name) @@ -131,7 +180,7 @@ local function creategtab(ctab, maxidx, name) end, __metatable = true, } - setmetatable(tab, tmpmt) + oG.setmetatable(tab, tmpmt) return tab end @@ -176,6 +225,21 @@ function spritesofstat(stat) return iter_spritesofstat , stat, -1 end --- restrict access to potentially unsafe standard Lua modules (not yet done) -os = nil -io = nil + +-- add new variables/functions living in the global environment +G_.DBG_ = DBG_ -- REMOVE this for release +G_.gv = gv +G_.sector = sector +G_.wall = wall +G_.sprite = sprite +G_.headspritesect = headspritesect +G_.headspritestat = headspritestat +G_.nextspritesect = nextspritesect +G_.nextspritestat = nextspritestat +G_.prevspritesect = prevspritesect +G_.prevspritestat = prevspritestat +G_.spritesofsect = spritesofsect +G_.spritesofstat = spritesofstat + +-- change the environment of the running Lua thread to the table G_ +setfenv(0, G_) 
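Review bot: `setfenv(0, G_)` at the end of the last hunk needs a comment stating what it covers: on Lua 5.1/LuaJIT it replaces the running thread's global table, so chunks loaded afterwards see only `G_`, while functions already defined in this file keep the original environment `oG`. Something like `-- affects chunks loaded after this point; functions defined above still run with the unrestricted globals (oG)` would make that explicit. It follows that every Lua function exported through `G_` (`spritesofsect`, `spritesofstat`, the metatable handlers) runs with full globals, so none of them should ever return or store `oG`, `ffi` or `ffiC` where a script can reach it. The export list repeats each name by hand, and a missing or misspelled one silently becomes `nil` in the sandbox; a test asserting that each expected global is non-nil would catch that.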
diff --git a/polymer/eduke32/source/lunatic/dynsymlist b/polymer/eduke32/source/lunatic/dynsymlist index 0ea300097..a1775db84 100644 --- a/polymer/eduke32/source/lunatic/dynsymlist +++ b/polymer/eduke32/source/lunatic/dynsymlist @@ -6,7 +6,10 @@ sprite; numsectors; numwalls; -headspritesect; headspritestat; -prevspritesect; prevspritestat; -nextspritesect; nextspritestat; +headspritesect; +headspritestat; +prevspritesect; +prevspritestat; +nextspritesect; +nextspritestat; }; diff --git a/polymer/eduke32/source/lunatic/lunatic.c b/polymer/eduke32/source/lunatic/lunatic.c index 73b446968..def5aac0f 100644 --- a/polymer/eduke32/source/lunatic/lunatic.c +++ b/polymer/eduke32/source/lunatic/lunatic.c @@ -25,7 +25,7 @@ int32_t El_CreateState(El_State *estate, const char *name) { Bfree((char *)estate->name); estate->name = NULL; - return -1; + return -2; } luaL_openlibs(estate->L); // XXX: only for internal use and testing, obviously diff --git a/polymer/eduke32/source/lunatic/test.elua b/polymer/eduke32/source/lunatic/test.elua index ea04948dd..cd6ef0149 100644 --- a/polymer/eduke32/source/lunatic/test.elua +++ b/polymer/eduke32/source/lunatic/test.elua @@ -3,7 +3,7 @@ print('--- ELua Test script ---') local function checkfail(funcstr) - local status, res = pcall(loadstring(funcstr)) + local status, res = pcall(DBG_.loadstring(funcstr)) if (status) then print('ERROR: '..funcstr.." DIDN'T fail") else @@ -14,6 +14,7 @@ end local i print('tweaking sector pals') +---[[ for i = 0, gv.numsectors/2 do sector[i].floorpal = 1; sector[i].ceilingpal = 2; @@ -28,7 +29,7 @@ end for spr in spritesofsect(236) do print('#spr', spr) end - +--]] print('_G contains:') for k,v in pairs(_G) do print(k, v) 
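Review bot: The new `return -2;` in `El_CreateState` is a bare magic number, and nothing in the hunk says how it differs from `-1`; a comment above the function listing each return value and its cause, or named constants, would let callers branch on it reliably. Not part of the changed line but relevant to this commit's goal: the context line `luaL_openlibs(estate->L)` still loads every standard library into the state, so the whitelist installed by defs.ilua is the only barrier between scripts and `os`, `io`, `package` and `debug`. Opening only the libraries the engine-side setup needs would add a second layer once the testing phase noted in the `XXX` comment is over. The function body starts and ends outside the hunk.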
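Review bot: In `checkfail`, `pcall(DBG_.loadstring(funcstr))` cannot tell a chunk that fails to compile from one that fails at run time, because loadstring then returns nil and pcall reports the call of a nil value; a typo in a test string would be counted as a passed sandbox check. Compile first and insist on success, then run: `local func = assert(DBG_.loadstring(funcstr))` followed by `local status, res = pcall(func)`. The rest of `checkfail` lies outside the hunk.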
@@ -40,9 +41,7 @@ checkfail('sector[-1].ceilingpal = 4') -- oob write access checkfail('sector[0].wallnum = 0') -- wallnum member is read-only checkfail('gv.numsectors = 4') -- gv.numsectors is read-only checkfail('sector[4] = sector[6]') -- direct sector write access forbidden - +checkfail("require('os')") -- 'require' has been thrown away to be replaced by + -- something more restricted later print('--- end test script ---') - -os = require("os") -print('clk', os.clock())
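Review bot: The only negative test for the new whitelist is `checkfail("require('os')")`, so nothing would notice if `os`, `io`, `getfenv` or `setmetatable` became reachable from scripts again. A few more checks of the same form, such as `checkfail("os.clock()")`, `checkfail("getfenv(0)")` and `checkfail("setmetatable(gv, {})")`, would pin the names the whitelist deliberately withholds. The comment on the new line could also state that the call fails because `require` is nil in the sandbox, not because the `os` module itself is rejected.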