diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-29 15:55:41 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-07-29 15:55:41 +0100 |
commit | 340c969dabb6d666d5d052ace26c9b656b7a9126 (patch) | |
tree | 63f48eefc5f0ec3c18a7bb64481b06ad6add3384 /src | |
parent | 7712b97c6ce3d0ccc4260586d7706e29d5e9a77f (diff) | |
download | supple-340c969dabb6d666d5d052ace26c9b656b7a9126.tar.gz |
SANDBOX: Enough sandboxing to get us further. Testing the wrapper is hard
Diffstat (limited to 'src')
-rw-r--r-- | src/wrapper.c | 63 |
1 files changed, 48 insertions, 15 deletions
diff --git a/src/wrapper.c b/src/wrapper.c index 59b8fd5..7cb52e3 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -2,7 +2,7 @@ * * Sandbox (for) Untrusted Procedure Partitioning (in) Lua Engine - Supple * - * Wrapper for Lua interpreter to protect and isolate the sandbox code. + * Wrapper interpreter to protect and isolate the sandbox code. * * Copyright 2012 Daniel Silverstone <dsilvers@digital-scurf.org> * @@ -11,33 +11,66 @@ */ #include <lua.h> +#include <lauxlib.h> +#include <lualib.h> + #include <unistd.h> #include <stdlib.h> #include <stdio.h> -char * const sub_argv[] = { - LUA_INTERP_NAME, - "-lsupple", - "-esupple.sandbox.run()", - NULL -}; +typedef struct { + int retcode; +} prot_args; + +static int +protected_main(lua_State *L) +{ + prot_args *parg = (prot_args *)lua_touserdata(L, 1); + + luaL_openlibs(L); + + lua_getglobal(L, "require"); + lua_pushstring(L, "supple"); + lua_call(L, 1, 1); + + lua_getfield(L, -1, "sandbox"); + lua_getfield(L, -1, "run"); + + lua_call(L, 0, 1); + + if (lua_isnumber(L, -1)) { + parg->retcode = lua_tonumber(L, -1); + } + + return 0; +} int main(int argc, char **argv) { + prot_args parg; + lua_State *L; + int success; + /* Perform pre-lua-interpreter initialisation */ #ifndef TESTING_SUPPLE unsetenv(LUA_PATH); unsetenv(LUA_CPATH); + unsetenv("SUPPLE_MKDTEMP"); #endif unsetenv(LUA_INIT); - - /* Now go on to run: - * /path/to/lua -lsupple -esupple.sandbox.run() - */ - if (execv(LUA_INTERP_PATH, sub_argv) == -1) { - perror("execv(" LUA_INTERP_PATH ")"); + + L = luaL_newstate(); + if (L == NULL) { + return EXIT_FAILURE; } - - return EXIT_FAILURE; + + parg.retcode = 0; + + success = lua_cpcall(L, &protected_main, &parg); + + lua_close(L); + + return ((success == 0) && (parg.retcode == 0)) ? EXIT_SUCCESS : + ((success == 0) ? parg.retcode : EXIT_FAILURE); } |