about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorKartik K. Agaram <vc@akkartik.com>2021-12-25 10:52:48 -0800
committerKartik K. Agaram <vc@akkartik.com>2021-12-25 11:04:23 -0800
commit917646fc9f75ab573d2b09429784dcc0940f8619 (patch)
treef0787e7e94a4deb452a26209b10adaeb130c8347
parent6af91eb0d2ef45fea1a6f35cd6aa1fa2b7435401 (diff)
downloadteliva-917646fc9f75ab573d2b09429784dcc0940f8619.tar.gz
sandbox: no popen
Again, too difficult to sandbox for now.
-rw-r--r--README.md1
-rw-r--r--sandboxing/README.md2
-rw-r--r--src/liolib.c30
-rw-r--r--src/luaconf.h28
4 files changed, 3 insertions, 58 deletions
diff --git a/README.md b/README.md
index afc8271..26581d3 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,7 @@ libraries. However, a few things are different from conventional Lua:
 * Some functions are disabled because I don't know how to sandbox them
   effectively:
   - `os.execute`
+  - `io.popen`
 * Some functions in lcurses have [additional smarts](https://github.com/lcurses/lcurses/blob/master/lib/curses.lua).
   Teliva is [consistent with the underlying ncurses](https://github.com/akkartik/teliva/blob/main/src/lcurses/curses.lua).
 
diff --git a/sandboxing/README.md b/sandboxing/README.md
index 341cd82..4218054 100644
--- a/sandboxing/README.md
+++ b/sandboxing/README.md
@@ -33,7 +33,7 @@ Scenarios:
       allows an app to do anything. Educate people to separate apps that read
       sensitive data from apps that access remote servers.
     - (2) solution: map phases within an app to distinct permission sets
-  * (3) app wants access to system() or exec()
+  * (3) app wants access to system() or exec() or popen()
 
 Difficulty levels
   1. I have some sense of how to enforce this.
diff --git a/src/liolib.c b/src/liolib.c
index 649f9a5..04f102b 100644
--- a/src/liolib.c
+++ b/src/liolib.c
@@ -103,17 +103,6 @@ static int io_noclose (lua_State *L) {
 
 
 /*
-** function to close 'popen' files
-*/
-static int io_pclose (lua_State *L) {
-  FILE **p = tofilep(L);
-  int ok = lua_pclose(L, *p);
-  *p = NULL;
-  return pushresult(L, ok, NULL);
-}
-
-
-/*
 ** function to close regular files
 */
 static int io_fclose (lua_State *L) {
@@ -167,19 +156,6 @@ static int io_open (lua_State *L) {
 }
 
 
-/*
-** this function has a separated environment, which defines the
-** correct __close for 'popen' files
-*/
-static int io_popen (lua_State *L) {
-  const char *filename = luaL_checkstring(L, 1);
-  const char *mode = luaL_optstring(L, 2, "r");
-  FILE **pf = newfile(L);
-  *pf = lua_popen(L, filename, mode);
-  return (*pf == NULL) ? pushresult(L, 0, filename) : 1;
-}
-
-
 static int io_tmpfile (lua_State *L) {
   FILE **pf = newfile(L);
   *pf = tmpfile();
@@ -484,7 +460,7 @@ static const luaL_Reg iolib[] = {
   {"lines", io_lines},
   {"open", io_open},
   {"output", io_output},
-  {"popen", io_popen},
+  /* no popen without sandboxing it */
   {"read", io_read},
   {"tmpfile", io_tmpfile},
   {"type", io_type},
@@ -547,10 +523,6 @@ LUALIB_API int luaopen_io (lua_State *L) {
   createstdfile(L, stdout, IO_OUTPUT, "stdout");
   createstdfile(L, stderr, 0, "stderr");
   lua_pop(L, 1);  /* pop environment for default files */
-  lua_getfield(L, -1, "popen");
-  newfenv(L, io_pclose);  /* create environment for 'popen' */
-  lua_setfenv(L, -2);  /* set fenv for 'popen' */
-  lua_pop(L, 1);  /* pop 'popen' */
   return 1;
 }
 
diff --git a/src/luaconf.h b/src/luaconf.h
index 4d295e6..44d6f55 100644
--- a/src/luaconf.h
+++ b/src/luaconf.h
@@ -621,34 +621,6 @@ extern int mkstemp(char *);
 
 
 /*
-@@ lua_popen spawns a new process connected to the current one through
-@* the file streams.
-** CHANGE it if you have a way to implement it in your system.
-*/
-#if defined(LUA_USE_POPEN)
-
-/* we have newer libraries even though the dialect is C99 */
-#include <stdio.h>
-extern FILE *popen(const char *, const char *);
-extern int pclose(FILE *);
-
-#define lua_popen(L,c,m)	((void)L, fflush(NULL), popen(c,m))
-#define lua_pclose(L,file)	((void)L, (pclose(file) != -1))
-
-#elif defined(LUA_WIN)
-
-#define lua_popen(L,c,m)	((void)L, _popen(c,m))
-#define lua_pclose(L,file)	((void)L, (_pclose(file) != -1))
-
-#else
-
-#define lua_popen(L,c,m)	((void)((void)c, m),  \
-		luaL_error(L, LUA_QL("popen") " not supported"), (FILE*)0)
-#define lua_pclose(L,file)		((void)((void)L, file), 0)
-
-#endif
-
-/*
 @@ LUA_DL_* define which dynamic-library system Lua should use.
 ** CHANGE here if Lua has problems choosing the appropriate
 ** dynamic-library system for your platform (either Windows' DLL, Mac's