diff options
| author | Kartik K. Agaram <vc@akkartik.com> | 2022-02-02 23:44:25 -0800 |
|---|---|---|
| committer | Kartik K. Agaram <vc@akkartik.com> | 2022-02-02 23:44:25 -0800 |
| commit | a8dfea1d3c686437a29938a29b4b0543d8190267 (patch) | |
| tree | f7c8019ba86b35f68af8ec8726e4f860f5acaa31 /src | |
| parent | 8f8a0e5a181de799ce95c5d91c0266e0a06671d8 (diff) | |
| download | teliva-a8dfea1d3c686437a29938a29b4b0543d8190267.tar.gz | |
drop io.lines()
I'd already dropped the variant without a filename. But even the variant with a filename is very easy to use in a way that is confusing to use in the presence of sandboxing: * call io.lines() * Sandboxing saves an error, io.lines() returns nil * Caller (usually a loop) raises an error. * We show the error and not the sandboxing failure. * Worse, there's no way to adjust permissions from within Teliva, because we can't ever get to that menu while there's an error. Best solution I can come up with: encourage a separate step for translating filename to file handle. That way it's more obvious that we need to check for errors.
Diffstat (limited to 'src')
| -rw-r--r-- | src/liolib.c | 28 |
1 files changed, 1 insertions, 27 deletions
diff --git a/src/liolib.c b/src/liolib.c index 82598b6..e85b097 100644 --- a/src/liolib.c +++ b/src/liolib.c @@ -38,12 +38,6 @@ static int pushresult (lua_State *L, int i, const char *filename) { } -static void fileerror (lua_State *L, int arg, const char *filename) { - lua_pushfstring(L, "%s: %s", filename, strerror(errno)); - luaL_argerror(L, arg, lua_tostring(L, -1)); -} - - #define tofilep(L) ((FILE **)luaL_checkudata(L, 1, LUA_FILEHANDLE)) @@ -171,26 +165,6 @@ static int f_lines (lua_State *L) { } -static int io_lines (lua_State *L) { - const char *filename = luaL_checkstring(L, 1); - FILE **pf = newfile(L); - static char buffer[1024] = {0}; - memset(buffer, '\0', 1024); - snprintf(buffer, 1020, "io.lines(\"%s\")", filename); - append_to_audit_log(L, buffer); - if (file_operation_permitted(caller(L), filename, "r")) - *pf = fopen(filename, "r"); - else { - snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; adjust its permissions (ctrl-p) if that is expected", filename); - Previous_message = iolib_errbuf; - } - if (*pf == NULL) - fileerror(L, 1, filename); - aux_lines(L, lua_gettop(L), 1); - return 1; -} - - /* ** {====================================================== ** READ @@ -393,7 +367,7 @@ static const luaL_Reg iolib[] = { {"close", io_close}, /* no 'flush' since Teliva is ncurses-based */ /* no 'input' since Teliva is ncurses-based */ - {"lines", io_lines}, + /* no 'io.lines'; it can confusingly fail without showing sandboxing errors */ {"open", io_open}, /* no 'output' since Teliva is ncurses-based */ /* no 'popen' without sandboxing it */ |