Gmane
From: Matthew Wild <mwild1 <at> gmail.com>
Subject: Re: newproxy surprise... anything else out there I should be worried about???
Newsgroups: gmane.comp.lang.lua.general
Date: Saturday 7th August 2010 01:28:22 UTC
On 7 August 2010 02:01, Erik Cassel wrote:
>
> While investigating a security breach in some of our sandbox code I came
> upon the undocumented "newproxy" feature. From a security point of view it
> seems scary because it allows you to somehow play with metamethods of
> userdata objects.

It only allows you to play with the metamethods of userdata you
create, you can't setmetatable() on a userdata returned by newproxy,
only clone existing proxies. Still yes, it's not a function I'd expect
to see in a sandbox.

> Are there any other "undocumented" surprises in Lua?

If newproxy() was in your sandbox (especially without your knowledge)
then it wasn't a very good sandbox. To make a sandbox you should start
with an empty environment and pull in only functions you know to be
safe. In fact there's a good guide on sandboxing on the wiki,
including listing safe/unsafe standard functions:
http://lua-users.org/wiki/SandBoxes

> Yes, people use newproxy in clever ways and I'm sure they rely on it. So
> please do one of the following:
> 1) Make it an official part of the language
> 2) Put it in the documentation as an unsupported feature
> 3) Turn it off by default. Allow it to be enabled in luaconf.h
> I think option 3 is the best one. If something isn't documented then most
> people won't use it, so it just bloats the code. Turn it off by default and
> then let people opt into it.

I agree with any of those, though I favour 3 least. If going that far
however then I'd say just remove it completely - it's not hard to make
a C module that exports a newproxy() function if you need it, easier
than rebuilding Lua for most people.

Matthew
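The reply above describes the sandbox construction in one sentence: start from an empty environment and copy in only functions known to be safe. The following Lua 5.1 code is an added example written for this page, not code from the thread or from the Lua project; the whitelist it uses is an assumption for illustration and should be checked against the lua-users SandBoxes wiki page before being relied on. The untrusted snippet it runs is constructed here purely to probe which globals leak into the sandbox.

```lua
-- Added example (not from the original thread): a minimal Lua 5.1 sandbox
-- built the way the reply describes. Lua 5.1 is assumed because newproxy and
-- setfenv only exist there.

local function make_sandbox_env()
  local env = {}

  -- Globals believed safe to expose. This whitelist is an assumption for
  -- illustration; compare it with http://lua-users.org/wiki/SandBoxes.
  local safe_globals = {
    "assert", "error", "ipairs", "next", "pairs", "pcall", "select",
    "tonumber", "tostring", "type", "unpack", "xpcall", "_VERSION",
  }
  for _, name in ipairs(safe_globals) do
    env[name] = _G[name]
  end

  -- Whole libraries that are safe to expose. They are copied so that code in
  -- the sandbox cannot mutate the host's tables.
  for _, lib in ipairs({ "string", "table", "math" }) do
    local copy = {}
    for k, v in pairs(_G[lib]) do
      copy[k] = v
    end
    env[lib] = copy
  end
  -- string.dump produces bytecode; keep it out even though loadstring is absent.
  env.string.dump = nil

  -- Deliberately absent, because they reach outside the sandbox or let the
  -- sandbox change the rules: newproxy, setmetatable, getmetatable (the
  -- string metatable's __index is the host's real string table), rawget,
  -- rawset, loadstring, load, dofile, loadfile, require, io, os, debug,
  -- package, setfenv, getfenv, collectgarbage.
  env._G = env
  return env
end

-- Compile untrusted source and run it with the restricted environment.
-- Returns ok, result-or-error-message.
local function run_sandboxed(source, env)
  -- Lua 5.1 accepts precompiled chunks; untrusted bytecode can crash the VM,
  -- so refuse anything that is not plain source text.
  if source:sub(1, 1) == "\27" then
    return false, "binary chunks are not accepted"
  end
  local chunk, err = loadstring(source, "=sandbox")
  if not chunk then
    return false, err
  end
  setfenv(chunk, env)
  return pcall(chunk)
end

-- Constructed untrusted snippet: it reports which dangerous names it can see.
-- Inside the sandbox _G is the sandbox table itself, so each lookup goes
-- through the whitelist.
local untrusted = [[
  local leaked = {}
  local probe = { "newproxy", "setmetatable", "getmetatable", "rawset",
                  "loadstring", "setfenv", "io", "os", "debug", "package" }
  for _, name in ipairs(probe) do
    if _G[name] ~= nil then
      leaked[#leaked + 1] = name
    end
  end
  return string.format("%d leaked: %s", #leaked, table.concat(leaked, ","))
]]

local ok, result = run_sandboxed(untrusted, make_sandbox_env())
print(ok, result)
```

Two caveats a practitioner would add: a whitelist of functions does not bound CPU or memory, so code like `string.rep("x", 2^30)` or an infinite loop still needs a `debug.sethook` instruction-count limit or an OS-level limit on the host side; and every function copied in should be reviewed as a whole, since a single leaked `getmetatable` or `loadstring` undoes the rest of the list.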