Minor improvements to Lua sandbox

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index ccd1214e3ad032e63e4462f538dc5142e8ca8804..a6c5114b2f5c8ebdb8a8b600da519656482df0f9 100644 (file)
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -121,9 +121,7 @@ void ScriptApiSecurity::initializeSecurity()
                "date",
                "difftime",
                "getenv",
-               "setlocale",
                "time",
-               "tmpname",
        };
        static const char *debug_whitelist[] = {
                "gethook",
@@ -219,6 +217,7 @@ void ScriptApiSecurity::initializeSecurity()
        // And replace unsafe ones
        SECURE_API(os, remove);
        SECURE_API(os, rename);
+       SECURE_API(os, setlocale);
 
        lua_setglobal(L, "os");
        lua_pop(L, 1);  // Pop old OS
@@ -250,6 +249,11 @@ void ScriptApiSecurity::initializeSecurity()
        lua_pop(L, 1);  // Pop old jit
 #endif
 
+       // Get rid of 'core' in the old globals, we don't want anyone thinking it's
+       // safe or even usable.
+       lua_pushnil(L);
+       lua_setfield(L, old_globals, "core");
+
        lua_pop(L, 1); // Pop globals_backup
 
 
@@ -285,7 +289,7 @@ void ScriptApiSecurity::initializeSecurityClient()
                "rawset",
                "select",
                "setfenv",
-               // getmetatable can be used to escape the sandbox
+               // getmetatable can be used to escape the sandbox <- ???
                "setmetatable",
                "tonumber",
                "tostring",
@@ -307,7 +311,7 @@ void ScriptApiSecurity::initializeSecurityClient()
                "time"
        };
        static const char *debug_whitelist[] = {
-               "getinfo",
+               "getinfo", // used by builtin and unset before mods load
                "traceback"
        };
 
@@ -867,3 +871,21 @@ int ScriptApiSecurity::sl_os_remove(lua_State *L)
        lua_call(L, 1, 2);
        return 2;
 }
+
+
+int ScriptApiSecurity::sl_os_setlocale(lua_State *L)
+{
+       const bool cat = lua_gettop(L) > 1;
+       // Don't allow changes
+       if (!lua_isnoneornil(L, 1)) {
+               lua_pushnil(L);
+               return 1;
+       }
+
+       push_original(L, "os", "setlocale");
+       lua_pushnil(L);
+       if (cat)
+               lua_pushvalue(L, 2);
+       lua_call(L, cat ? 2 : 1, 1);
+       return 1;
+}

diff --git a/src/script/cpp_api/s_security.h b/src/script/cpp_api/s_security.h
index 619bf824fd69ea75bb466e918a713868c5476454..880ce1638b7765045193605f40606496c4e4781d 100644 (file)
--- a/src/script/cpp_api/s_security.h
+++ b/src/script/cpp_api/s_security.h
@@ -79,4 +79,5 @@ class ScriptApiSecurity : virtual public ScriptApiBase
 
        static int sl_os_rename(lua_State *L);
        static int sl_os_remove(lua_State *L);
+       static int sl_os_setlocale(lua_State *L);
 };