From 7c10a543342772e4186de1c217a780616539cd76 Mon Sep 17 00:00:00 2001 From: Robin Gareus Date: Wed, 4 Oct 2023 01:21:34 +0200 Subject: [PATCH] Prepare for explicit Lua Sandboxing (API update) 1/4 --- libs/lua/lua/luastate.h | 4 ++-- libs/lua/luastate.cc | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/libs/lua/lua/luastate.h b/libs/lua/lua/luastate.h index d2b86b16f0..b1f7402612 100644 --- a/libs/lua/lua/luastate.h +++ b/libs/lua/lua/luastate.h @@ -27,7 +27,7 @@ class LIBLUA_API LuaState { public: - LuaState(); + LuaState (bool sandbox = true, bool rt_safe = false); LuaState(lua_State *ls); ~LuaState(); @@ -36,7 +36,7 @@ public: void collect_garbage () const; void collect_garbage_step (int debt = 0); void tweak_rt_gc (); - void sandbox (bool rt_safe = false); + void sandbox (bool rt_safe); sigc::signal Print; diff --git a/libs/lua/luastate.cc b/libs/lua/luastate.cc index fd33cabb96..fedbf474e7 100644 --- a/libs/lua/luastate.cc +++ b/libs/lua/luastate.cc @@ -26,11 +26,16 @@ static int panic (lua_State *L) { return 0; /* return to Lua to abort */ } -LuaState::LuaState() +LuaState::LuaState(bool enable_sandbox, bool rt_safe) : L (luaL_newstate ()) { assert (L); init (); + if (enable_sandbox) { + sandbox (rt_safe); + } else { + do_command ("os.exit = nil os.setlocale = nil"); + } } LuaState::LuaState(lua_State *ls) @@ -38,6 +43,7 @@ LuaState::LuaState(lua_State *ls) { assert (L); init (); + sandbox (true); } LuaState::~LuaState() {