Diffstat (limited to 'src')
-rw-r--r--src/liolib.c15
-rw-r--r--src/loslib.c26
2 files changed, 33 insertions, 8 deletions
diff --git a/src/liolib.c b/src/liolib.c
index 6fb3359..feeeb8f 100644
--- a/src/liolib.c
+++ b/src/liolib.c
@@ -132,10 +132,19 @@ static int io_open (lua_State *L) {
   snprintf(buffer, 1020, "io.open(\"%s\", \"%s\")", filename, mode);
   append_to_audit_log(L, buffer);
   FILE **pf = newfile(L);
-  if (file_operation_permitted(filename, mode)
-      /* filenames starting with teliva_tmp_ are always ok */
-      || starts_with(filename, "teliva_tmp_"))
+  /* filenames starting with teliva_tmp_ are always ok */
+  if (starts_with(filename, "teliva_tmp_")) {
     *pf = fopen(filename, mode);
+  }
+  /* other filenames starting with teliva_ are never ok (reserved for the
+   * framework, should not be accessed by apps directly */
+  else if (starts_with(filename, "teliva_")) {
+    snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", filename);
+    Previous_message = iolib_errbuf;
+  }
+  else if (file_operation_permitted(filename, mode)) {
+    *pf = fopen(filename, mode);
+  }
   else {
     snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; adjust its permissions (ctrl-p) if that is expected", filename);
     Previous_message = iolib_errbuf;
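Review bot: The `teliva_` reservation added in the `else if (starts_with(filename, "teliva_"))` branch tests the raw `filename` string, so a path that names the same file through a directory component matches neither prefix and falls through to `file_operation_permitted`; whether that helper normalises paths is not visible here, so the reservation may only hold for bare names. Testing the basename instead, e.g. `const char *base = strrchr(filename, '/'); base = base ? base + 1 : filename;` and passing `base` to both `starts_with` calls, would make the rule independent of how the path is spelled. The same raw-prefix test is repeated for `fromname` and `toname` in the `os_rename` hunk of `src/loslib.c`, so one shared helper for the reserved-name decision would keep the three sites from drifting. The comment above that branch is also missing its closing parenthesis: `(reserved for the framework, should not be accessed by apps directly)`. `io_open` starts and ends outside this hunk.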
diff --git a/src/loslib.c b/src/loslib.c
index 09a00c3..3137a6b 100644
--- a/src/loslib.c
+++ b/src/loslib.c
@@ -46,19 +46,35 @@ static char oslib_errbuf[1024] = {0};
 static int os_rename (lua_State *L) {
   const char *fromname = luaL_checkstring(L, 1);
   const char *toname = luaL_checkstring(L, 2);
-  /* A rename is like reading from one file and writing to another file. */
-  if (!file_operation_permitted(fromname, "r")
-      && !starts_with(fromname, "teliva_tmp_")) {
+  /* Sandboxing {
+   * A rename is like reading from one file and writing to another file. */
+  if (starts_with(fromname, "teliva_tmp_")) {
+    /* continue */
+  }
+  else if (starts_with(fromname, "teliva_")) {
+    snprintf(oslib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", fromname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, fromname);
+  }
+  else if (!file_operation_permitted(fromname, "r")) {
     snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for reading; adjust its permissions (ctrl-p) if that is expected", fromname);
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, fromname);
   }
-  if (!file_operation_permitted(toname, "w")
-      && !starts_with(fromname, "teliva_tmp_")) {
+  if (starts_with(toname, "teliva_tmp_")) {
+    /* continue */
+  }
+  else if (starts_with(toname, "teliva_")) {
+    snprintf(oslib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", toname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, toname);
+  }
+  else if (!file_operation_permitted(toname, "w")) {
     snprintf(oslib_errbuf, 1024, "app tried to open file '%s' for writing; adjust its permissions (ctrl-p) if that is expected", toname);
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, toname);
   }
+  /* } */
   return os_pushresult(L, rename(fromname, toname) == 0, fromname);
 }