authorKartik K. Agaram <vc@akkartik.com>2022-03-08 19:20:53 -0800
committerKartik K. Agaram <vc@akkartik.com>2022-03-08 19:20:53 -0800
commit08c49b5a0a5784c499ad0439c1f3258ff3755db9 (patch)
treeab62510dde1e56e9c4ddf59cfa875c2b32f9e027 /src/loslib.c
parent2b47f763086cba3369a928c8e9d9d9543b844e37 (diff)
downloadteliva-08c49b5a0a5784c499ad0439c1f3258ff3755db9.tar.gz
protect framework files from apps
There's a separate open question here of where Teliva should store files
like teliva_editor_state and teliva_editor_buffer. One school of thought
is that apps should never be dropping crud into people's directories. On
the other hand, I'm kinda encouraging people so far to just run apps
from Teliva's directory. Perhaps that makes it ok?
Diffstat (limited to 'src/loslib.c')
-rw-r--r--src/loslib.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/src/loslib.c b/src/loslib.c
index 09a00c3..3137a6b 100644
--- a/src/loslib.c
+++ b/src/loslib.c
@@ -46,19 +46,35 @@ static char oslib_errbuf[1024] = {0};
 static int os_rename (lua_State *L) {
   const char *fromname = luaL_checkstring(L, 1);
   const char *toname = luaL_checkstring(L, 2);
-  /* A rename is like reading from one file and writing to another file. */
-  if (!file_operation_permitted(fromname, "r")
-      && !starts_with(fromname, "teliva_tmp_")) {
+  /* Sandboxing {
+   * A rename is like reading from one file and writing to another file. */
+  if (starts_with(fromname, "teliva_tmp_")) {
+    /* continue */
+  }
+  else if (starts_with(fromname, "teliva_")) {
+    snprintf(oslib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", fromname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, fromname);
+  }
+  else if (!file_operation_permitted(fromname, "r")) {
     snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for reading; adjust its permissions (ctrl-p) if that is expected", fromname);
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, fromname);
   }
-  if (!file_operation_permitted(toname, "w")
-      && !starts_with(fromname, "teliva_tmp_")) {
+  if (starts_with(toname, "teliva_tmp_")) {
+    /* continue */
+  }
+  else if (starts_with(toname, "teliva_")) {
+    snprintf(oslib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", toname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, toname);
+  }
+  else if (!file_operation_permitted(toname, "w")) {
     snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for writing; adjust its permissions (ctrl-p) if that is expected", toname);
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, toname);
   }
+  /* } */
   return os_pushresult(L, rename(fromname, toname) == 0, fromname);
 }
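Review bot: The new `starts_with(fromname, "teliva_")` and `starts_with(toname, "teliva_")` guards at lines 38 and 53 test only the leading characters of the name exactly as the app supplied it, so a framework file reached through a directory component (a leading `./`, or any path whose final component begins with `teliva_`) is not recognised as protected and falls through to `file_operation_permitted`, whose treatment of such names is not visible in this hunk. I'd apply the prefix test to the final path component as well as to the whole string, and since the two halves of the function are now identical apart from the operand and the access mode, move the check into one static helper that both sides call; that also lets the `snprintf` calls use `sizeof oslib_errbuf` instead of repeating `1024`, which the hunk header shows is the buffer's declared size. The error text "tried to open file" is also slightly misleading for a rename, but that is cosmetic. Whether `starts_with` and `file_operation_permitted` already normalise their input cannot be told from here, so the sketch below assumes they take the raw string and that `<string.h>` is already included for `strrchr`.
```c
/* Sandboxing: may an app use `name` as the `mode` ("r" or "w") side of a rename?
 * Returns 1 if so; otherwise records the reason in Previous_message and returns 0.
 * The "teliva_" prefix is tested against both the name as given and its final
 * path component, so "./teliva_x" is refused just like "teliva_x". */
static int rename_operand_permitted (const char *name, const char *mode) {
  const char *base = strrchr(name, '/');
  base = base ? base + 1 : name;
  if (starts_with(name, "teliva_tmp_") || starts_with(base, "teliva_tmp_"))
    return 1;
  if (starts_with(name, "teliva_") || starts_with(base, "teliva_")) {
    snprintf(oslib_errbuf, sizeof oslib_errbuf, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", name);
    Previous_message = oslib_errbuf;
    return 0;
  }
  if (!file_operation_permitted(name, mode)) {
    snprintf(oslib_errbuf, sizeof oslib_errbuf, "app tried to open file '%s' for %s; adjust its permissions (ctrl-p) if that is expected", name, mode[0] == 'r' ? "reading" : "writing");
    Previous_message = oslib_errbuf;
    return 0;
  }
  return 1;
}

static int os_rename (lua_State *L) {
  const char *fromname = luaL_checkstring(L, 1);
  const char *toname = luaL_checkstring(L, 2);
  /* A rename is like reading from one file and writing to another file. */
  if (!rename_operand_permitted(fromname, "r"))
    return os_pushresult(L, 0, fromname);
  if (!rename_operand_permitted(toname, "w"))
    return os_pushresult(L, 0, toname);
  return os_pushresult(L, rename(fromname, toname) == 0, fromname);
}
```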