Diffstat (limited to 'notes/design')
-rw-r--r--  notes/design  9
1 files changed, 6 insertions, 3 deletions
diff --git a/notes/design b/notes/design
index d055d1d..032f083 100644
--- a/notes/design
+++ b/notes/design
@@ -158,9 +158,12 @@ injected.
1. The host starts by preparing a socketpair and forking.
2. The forked process dup2()s the socketpair onto fd 0 and force-closes every
FD (regardless of the likelyhood of it being open).
-3. Then the forked process executes a specifically compiled lua interpreter.
-4. The interpreter loads the Supple modules and then the one module so
- instructed by the host.
+3. Then the forked process executes a specifically compiled lua interpreter
+ wrapper program which prevents LUA_PATH et al being passed to the real
+ lua interpreter. It also sets the command line for the real interpreter
+ to simply be: lua -lsupple -esupple.sandbox.run()
+4. The real interpreter then loads the Supple modules and starts the sandbox
+ process.
5. Said interpreter, if setuid(root) then
1. makes a directory owned by root
2. changes into that directory
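Review bot: the new step 3 says the wrapper "prevents LUA_PATH et al being passed to the real lua interpreter", but "et al" leaves the set of stripped variables undefined; since the point of the wrapper is to keep the host's environment from influencing which code the sandboxed interpreter loads, the note should list the variables explicitly (at least the family LUA_PATH and LUA_CPATH belong to, plus anything else the wrapper clears) so a reader can check the wrapper against the design. The new step 4 and the unchanged step 5 also now read ambiguously: step 5 says "Said interpreter, if setuid(root)", but after this change there are two programs, the wrapper and the real interpreter, and the note does not say which of them carries the setuid bit or whether the wrapper execs the real interpreter with the environment already scrubbed. A one-line clarification such as "the wrapper execs the real interpreter with a fixed, minimal environment" after "to simply be: lua -lsupple -esupple.sandbox.run()" would close both gaps.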