diff options
| author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-29 12:34:12 +0100 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-29 12:34:12 +0100 |
| commit | 7712b97c6ce3d0ccc4260586d7706e29d5e9a77f (patch) | |
| tree | c3677c7740e0f7370c152f2de660ca0b65eb732c | |
| parent | 53444511938cc3999729a4c2aa6eccc9a2741ab2 (diff) | |
| download | supple-7712b97c6ce3d0ccc4260586d7706e29d5e9a77f.tar.gz | |
WRAPPER: Initial interpreter wrapper work ready for subprocess sandboxing
| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | Makefile | 22 | ||||
| -rw-r--r-- | src/wrapper.c | 43 |
3 files changed, 62 insertions, 6 deletions
@@ -3,4 +3,5 @@ *.so luacov.stats.out luacov.report.out - +wrapper +testwrapper @@ -19,11 +19,16 @@ CMOD_OBJECTS := $(patsubst %,lib/%.o,$(subst .,/,$(CMODULES))) .PRECIOUS: $(CMOD_OBJECTS) +LUA_INTERP_NAME := lua$(LUA_VER) +LUA_INTERP_PATH := $(shell which lua$(LUA_VER)) + INCS := -I/usr/include/lua$(LUA_VER) OPT := -O0 -g WARN := -Wall -Werror -CFLAGS := $(INCS) $(OPT) $(WARN) $(CFLAGS) -LFLAGS := -O1 -g -shared $(LFLAGS) +DEFS := -D'LUA_INTERP_NAME="$(LUA_INTERP_NAME)"' \ + -D'LUA_INTERP_PATH="$(LUA_INTERP_PATH)"' +CFLAGS := $(INCS) $(OPT) $(WARN) $(DEFS) $(CFLAGS) +LFLAGS := -O1 -g $(LFLAGS) %.so: %.o $(CC) $(LFLAGS) -shared -o $@ $^ -llua$(LUA_VER) @@ -31,7 +36,13 @@ LFLAGS := -O1 -g -shared $(LFLAGS) %.o: %.c $(CC) $(CFLAGS) -fPIC -o $@ -c $< -build: $(CMOD_TARGETS) +build: $(CMOD_TARGETS) wrapper + +wrapper: src/wrapper.c + $(CC) $(LFLAGS) $(CFLAGS) -o $@ $< -llua$(LUA_VER) + +testwrapper: src/wrapper.c + $(CC) $(LFLAGS) $(CFLAGS) -DTESTING_SUPPLE -o $@ $< -llua$(LUA_VER) install: build mkdir -p $(LINST_ROOT)/supple @@ -47,11 +58,12 @@ ifeq ($(DEBUG),gdb) GDB := gdb --args endif -LUA := LUA_PATH="$(shell pwd)/lib/?.lua;$(shell pwd)/extras/luacov/src/?.lua;;" LUA_CPATH="$(shell pwd)/lib/?.so;;" $(GDB) lua$(LUA_VER) +LUA := LUA_PATH="$(shell pwd)/lib/?.lua;$(shell pwd)/extras/luacov/src/?.lua;;" LUA_CPATH="$(shell pwd)/lib/?.so;;" $(GDB) $(LUA_INTERP_PATH) clean: $(RM) luacov.report.out luacov.stats.out $(RM) $(CMOD_TARGETS) $(CMOD_OBJECTS) + $(RM) wrapper testwrapper distclean: clean find . -name "*~" -delete @@ -61,7 +73,7 @@ example: $(LUA) example/supple-example.lua .PHONY: test -test: build +test: build testwrapper @$(RM) luacov.stats.out @ERR=0; \ for MOD in $(sort $(TEST_MODULES)); do \ diff --git a/src/wrapper.c b/src/wrapper.c new file mode 100644 index 0000000..59b8fd5 --- /dev/null +++ b/src/wrapper.c @@ -0,0 +1,43 @@ +/* supple/src/wrapper.c + * + * Sandbox (for) Untrusted Procedure Partitioning (in) Lua Engine - Supple + * + * Wrapper for Lua interpreter to protect and isolate the sandbox code. + * + * Copyright 2012 Daniel Silverstone <dsilvers@digital-scurf.org> + * + * For licence terms, see COPYING + * + */ + +#include <lua.h> +#include <unistd.h> +#include <stdlib.h> +#include <stdio.h> + +char * const sub_argv[] = { + LUA_INTERP_NAME, + "-lsupple", + "-esupple.sandbox.run()", + NULL +}; + +int +main(int argc, char **argv) +{ + /* Perform pre-lua-interpreter initialisation */ +#ifndef TESTING_SUPPLE + unsetenv(LUA_PATH); + unsetenv(LUA_CPATH); +#endif + unsetenv(LUA_INIT); + + /* Now go on to run: + * /path/to/lua -lsupple -esupple.sandbox.run() + */ + if (execv(LUA_INTERP_PATH, sub_argv) == -1) { + perror("execv(" LUA_INTERP_PATH ")"); + } + + return EXIT_FAILURE; +} |