lunatic: more sandboxing mechanisms, makefile lines for OSX

git-svn-id: https://svn.eduke32.com/eduke32@2074 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
helixhorned 2011-10-11 16:53:15 +00:00
parent 9196bdbd81
commit 2247b77126
5 changed files with 100 additions and 20 deletions

View file

@ -139,7 +139,15 @@ ifneq (0,$(LUNATIC))
OURCFLAGS+= -I/usr/local/include/luajit-2.0 -I$(SRC)/lunatic -DLUNATIC_ENABLE
LIBS+= -L/usr/local/lib -lluajit-5.1
GAMEOBJS+= $(OBJ)/lunatic.$o
# strip on OSX says: removing global symbols from a final linked no longer supported.
# Use -exported_symbols_list at link time when building
# But, not doing this does not give us the symbols! wtf?
STRIP+= -s $(SRC)/lunatic/dynsymlist_osx
ifeq ($(PLATFORM),DARWIN)
MISCLINKOPTS+= -pagezero_size 10000 -image_base 100000000 #-Wl,-alias_list -Wl,$(SRC)/lunatic/aliases_list #-exported_symbols_list $(SRC)/lunatic/dynsymlist_osx
else
MISCLINKOPTS+= -Wl,--dynamic-list=$(SRC)/lunatic/dynsymlist
endif
endif
# PLATFORM SPECIFIC SETTINGS
@ -307,6 +315,12 @@ $(OBJ)/%.$o: $(SRC)/lunatic/%.c
$(COMPILE_STATUS)
if $(CC) $(CFLAGS) $(OURCFLAGS) -c $< -o $@; then $(COMPILE_OK); else $(COMPILE_FAILED); fi
$(SRC)/lunatic/dynsymlist_osx: $(SRC)/lunatic/dynsymlist
sed 's/[{};]//g;s/[A-Za-z_][A-Za-z_0-9]*/_&/g' $< > $@
$(SRC)/lunatic/aliases_list: $(SRC)/lunatic/dynsymlist_osx
sed 's/_\([A-Za-z_][A-Za-z_0-9]*\)/_\1 \1/g' $< > $@
$(OBJ)/%.$o: Apple/%.m
$(COMPILE_STATUS)
if $(CC) $(CFLAGS) $(OURCFLAGS) -c $< -o $@; then $(COMPILE_OK); else $(COMPILE_FAILED); fi

View file

@ -58,7 +58,56 @@ const int16_t prevspritesect[16384], prevspritestat[16384];
const int16_t nextspritesect[16384], nextspritestat[16384];
]]
--
---- _G tweaks -- pull in only 'safe' stuff ----
local G_ = {} -- our soon-to-be global environment
local oG = _G
G_.coroutine = coroutine
G_.assert = assert
G_.tostring = tostring
G_.tonumber = tonumber
--rawget
G_.xpcall = xpcall
G_.ipairs = ipairs
G_.print = print
G_.pcall = pcall
--gcinfo --DEPRECATED
--module
--setfenv
--require
--rawset
--jit
G_.bit = bit
--package
G_.error = error
--debug
--loadfile
--rawequal
--load
G_.unpack = unpack
G_.pairs = pairs
G_.table = table
G_._VERSION = _VERSION
--newproxy --NOT STD?
--collectgarbage
--dofile
G_.next = next
G_.math = math
--loadstring
--_G
G_.select = select
G_.string = string
G_.type = type
--getmetatable
--getfenv
--setmetatable
G_._G = G_
-- REMOVE this for release
DBG_ = {}
DBG_.loadstring = oG.loadstring
---- Set up restricted access to ffi.C from lunatic. ----
local ffiC = ffi.C
@ -69,7 +118,7 @@ local tmpmt = {
__newindex = function() error('dummy variable: write access forbidden') end,
__metatable = true -- forbid setting the metatable
}
setmetatable(det, tmpmt)
oG.setmetatable(det, tmpmt)
-- GLOBAL gv: provides access to C global *scalars*
gv = {
@ -89,7 +138,7 @@ local tmpmt = {
__newindex = function() error("cannot create new fields in 'gv'") end,
__metatable = true,
}
setmetatable(gv, tmpmt)
oG.setmetatable(gv, tmpmt)
---- indirect C array access ----
sector = {}
@ -102,7 +151,7 @@ local tmpmt = {
__newindex = function(tab, key, val) error('cannot write to sector[] struct directly') end,
__metatable = true,
}
setmetatable(sector, tmpmt)
oG.setmetatable(sector, tmpmt)
wall = {}
local tmpmt = {
@ -114,7 +163,7 @@ local tmpmt = {
__newindex = function(tab, key, val) error('cannot write to wall[] struct directly') end,
__metatable = true,
}
setmetatable(wall, tmpmt)
oG.setmetatable(wall, tmpmt)
-- create a safe indirection for a ffi.C array
local function creategtab(ctab, maxidx, name)
@ -131,7 +180,7 @@ local function creategtab(ctab, maxidx, name)
end,
__metatable = true,
}
setmetatable(tab, tmpmt)
oG.setmetatable(tab, tmpmt)
return tab
end
@ -176,6 +225,21 @@ function spritesofstat(stat)
return iter_spritesofstat , stat, -1
end
-- restrict access to potentially unsafe standard Lua modules (not yet done)
os = nil
io = nil
-- add new variables/functions living in the global environment
G_.DBG_ = DBG_ -- REMOVE this for release
G_.gv = gv
G_.sector = sector
G_.wall = wall
G_.sprite = sprite
G_.headspritesect = headspritesect
G_.headspritestat = headspritestat
G_.nextspritesect = nextspritesect
G_.nextspritestat = nextspritestat
G_.prevspritesect = prevspritesect
G_.prevspritestat = prevspritestat
G_.spritesofsect = spritesofsect
G_.spritesofstat = spritesofstat
-- change the environment of the running Lua thread to the table G_
setfenv(0, G_)

View file

@ -6,7 +6,10 @@ sprite;
numsectors;
numwalls;
headspritesect; headspritestat;
prevspritesect; prevspritestat;
nextspritesect; nextspritestat;
headspritesect;
headspritestat;
prevspritesect;
prevspritestat;
nextspritesect;
nextspritestat;
};

View file

@ -25,7 +25,7 @@ int32_t El_CreateState(El_State *estate, const char *name)
{
Bfree((char *)estate->name);
estate->name = NULL;
return -1;
return -2;
}
luaL_openlibs(estate->L); // XXX: only for internal use and testing, obviously

View file

@ -3,7 +3,7 @@
print('--- ELua Test script ---')
local function checkfail(funcstr)
local status, res = pcall(loadstring(funcstr))
local status, res = pcall(DBG_.loadstring(funcstr))
if (status) then
print('ERROR: '..funcstr.." DIDN'T fail")
else
@ -14,6 +14,7 @@ end
local i
print('tweaking sector pals')
---[[
for i = 0, gv.numsectors/2 do
sector[i].floorpal = 1;
sector[i].ceilingpal = 2;
@ -28,7 +29,7 @@ end
for spr in spritesofsect(236) do
print('#spr', spr)
end
--]]
print('_G contains:')
for k,v in pairs(_G) do
print(k, v)
@ -40,9 +41,7 @@ checkfail('sector[-1].ceilingpal = 4') -- oob write access
checkfail('sector[0].wallnum = 0') -- wallnum member is read-only
checkfail('gv.numsectors = 4') -- gv.numsectors is read-only
checkfail('sector[4] = sector[6]') -- direct sector write access forbidden
checkfail("require('os')") -- 'require' has been thrown away to be replaced by
-- something more restricted later
print('--- end test script ---')
os = require("os")
print('clk', os.clock())