GNOME Bugzilla – Bug 750982
Better sandboxing
Last modified: 2015-06-16 10:44:52 UTC
Created attachment 305272 [details] [review] lua-factory: Reduce the number of libs we load We don't want Lua to be initialised with a number of base libraries that can access the local filesystem, or load external packages. This is the recommended way to implement sandboxes in Lua.
Created attachment 305273 [details] [review] lua-factory: Don't allow Lua sources to load external modules We want to be able to control the modules used by Lua sources. Right now, we'll only support the "grl" builtin module.
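The approach taken by the two attachments above, as an added example written in plain Lua rather than through the C API that grl-lua-factory.c uses; this is not Grilo's code, and the stand-in grl table, the SAFE_LIBS list and the run_source helper are assumptions made for the example.

```lua
-- Added example (not Grilo's own code): a Lua-side model of the two patches.
-- A plugin source runs in an environment holding only whitelisted base
-- libraries (no io/os/package/dofile) and a require() that resolves nothing
-- but the "grl" builtin. Assumes Lua 5.2+ (load() with an env argument).

local grl = { log = function(msg) return "grl: " .. msg end }  -- stand-in for the real builtin

-- Libraries a source may use: those that cannot touch the filesystem,
-- spawn processes, or pull in foreign code.
local SAFE_LIBS = { "string", "table", "math", "utf8" }

local function make_sandbox_env()
  local env = {
    assert = assert, error = error, ipairs = ipairs, pairs = pairs,
    next = next, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, print = print,
  }
  for _, name in ipairs(SAFE_LIBS) do
    env[name] = _G[name]   -- utf8 is absent on Lua 5.2; nil is harmless here
  end
  -- Replacement for require(): only the builtin module is resolvable,
  -- so package.path / package.cpath lookups never happen.
  local builtins = { grl = grl }
  env.require = function(modname)
    local mod = builtins[modname]
    if mod == nil then
      error(("module '%s' not allowed in Lua sources"):format(modname), 2)
    end
    return mod
  end
  return env
end

-- Run one source chunk; mode "t" refuses precompiled bytecode as well.
local function run_source(code, name)
  local chunk, err = load(code, name or "=source", "t", make_sandbox_env())
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed sample sources.
print(run_source([[ local grl = require("grl"); return grl.log("ok") ]]))
print(run_source([[ return io ~= nil, os ~= nil, package ~= nil, dofile ~= nil ]]))
print(run_source([[ local s = require("socket") ]]))
```

The first chunk succeeds, the second reports that io, os, package and dofile are all absent, and the third fails with the "not allowed" error raised by the replacement require().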
Hey, I agree that:
- We need better sandboxing (mainly for security reasons);
- Allowing Lua libraries as dependencies should be dealt with care;
What do you think about having those disabled by default at build time but keeping a build option for them? --lua-factory-sandbox=disable, for instance? I can see people using this feature happily outside a desktop environment.
> I can see people using this feature happily outside desktop environment.
? I don't think that security should be optional. And we can add wrappers around specific functionality when requested, rather than leaving it open by default.
(In reply to Bastien Nocera from comment #4)
> > I can see people using this feature happily outside desktop environment.
> ?
In a set-top box or media center application that could use Grilo as its framework for plugins, being able to use ready-to-use Lua libraries could be nice. AFAIK this is not a present need...
> I don't think that security should be optional.
Me neither, I totally agree with better sandboxing.
> And we can add wrappers around specific functionality when requested, rather than leaving it open by default.
I don't see any harm in wrapping this in #ifdef ENABLE_LUA_LIBRARIES and leaving it disabled by default... but as this doesn't seem necessary for any known system/application, feel free to ignore the suggestion.
Review of attachment 305272 [details] [review]: Looks good!
Review of attachment 305273 [details] [review]: Feel free to push after removing the other function. ::: src/lua-factory/grl-lua-factory.c @@ -928,3 @@ - lua_module = it->data; - - if (lua_module_exists (lua_module) == FALSE) { lua_module_exists is not used anywhere else and should be removed too! grl-lua-factory.c:520:1: warning: 'lua_module_exists' defined but not used [-Wunused-function] lua_module_exists (const gchar *lua_module
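Review bot: once this hunk deletes the `if (lua_module_exists (lua_module) == FALSE)` check, the static helper `lua_module_exists` has no remaining caller, so its definition at grl-lua-factory.c:520 should be dropped in the same patch to keep the build free of the -Wunused-function warning quoted above.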
Created attachment 305380 [details] [review] lua-factory: Don't allow Lua sources to load external modules We want to be able to control the modules used by Lua sources. Right now, we'll only support the "grl" builtin module.
Attachment 305272 [details] pushed as 2e25300 - lua-factory: Reduce the number of libs we load Attachment 305380 [details] pushed as 3da1df6 - lua-factory: Don't allow Lua sources to load external modules