From: Tobias Ulmer Date: Tue, 25 Feb 2014 13:18:39 +0000 (+0100) Subject: Don't pass main string package into protected environment X-Git-Tag: e2factory-2.3.15rc1~214 X-Git-Url: https://git.e2factory.org/?a=commitdiff_plain;h=118cd203b1026df1ccda4913ad6f18eef924914d;p=e2factory.git Don't pass main string package into protected environment The string package can easily be manipulated or variable passed around in it. Supply each protected environment with its own copy of the table and only add functions that are considered safe. --- diff --git a/generic/e2lib.lua b/generic/e2lib.lua index 9ea320f..126ea8e 100644 --- a/generic/e2lib.lua +++ b/generic/e2lib.lua @@ -1484,6 +1484,28 @@ function e2lib.callcmd_log(cmd, workdir, envdict) return rc, e end +--- Generate a new table populated with all the safe Lua "string" functions. +-- The intended use is to generate a now string table for each protected +-- environment, so that no information can be passed through string, or worse, +-- real string functions can be overwritten and thus escape the protected env. +-- @return New "string" replacement package. +function e2lib.safe_string_table() + local safefn = { + "byte", "char", "find", "format", "gmatch", "gsub", "len", "lower", + "match", "rep", "reverse", "sub", "upper" + } + -- unsafe: dump + + local st = {} + + for _,name in ipairs(safefn) do + assert(string[name]) + st[name] = string[name] + end + + return st +end + --- Executes Lua code loaded from path. --@param path Filename to load lua code from (string). --@param gtable Environment (table) that is used instead of the global _G. diff --git a/local/chroot.lua b/local/chroot.lua index b123ac1..3b8b9c9 100644 --- a/local/chroot.lua +++ b/local/chroot.lua @@ -174,12 +174,13 @@ function chroot.load_chroot_config(info) e = err.new("loading chroot config %q failed", path) t = nil - local function assign(table) - t = table - end + local g = { + e2chroot = function (data) t = data end, + env = info.env, + string = e2lib.safe_string_table(), + } - rc, re = e2lib.dofile2(path, - { e2chroot = assign, env = info.env, string = string }) + rc, re = e2lib.dofile2(path, g) if not rc then return false, re end diff --git a/local/e2tool.lua b/local/e2tool.lua index 5c4ab2c..ffebb7e 100644 --- a/local/e2tool.lua +++ b/local/e2tool.lua @@ -169,7 +169,13 @@ local function load_user_config(info, path, dest, index, var) dest[index] = table end - rc, re = e2lib.dofile2(path, { [var] = func, env = info.env, string=string }) + local g = { + [var] = func, + env = info.env, + string = e2lib.safe_string_table(), + } + + rc, re = e2lib.dofile2(path, g) if not rc then return false, e:cat(re) end @@ -216,11 +222,15 @@ local function load_user_config2(info, path, types) table.insert(list, t) end - local g = {} -- compose the environment for the config file - g.env = info.env -- env - g.string = string -- string + -- compose the environment for the config file + local g = { + env = info.env, + string = e2lib.safe_string_table(), + } + + -- and some config functions for _,typ in ipairs(types) do - g[typ] = f[typ] -- and some config functions + g[typ] = f[typ] end rc, re = e2lib.dofile2(path, g) @@ -574,8 +584,8 @@ local function load_env_config(info, file) local path = e2lib.join(info.root, file) local g = { e2env = info.env, - string = string, env = mergeenv, + string = e2lib.safe_string_table(), } rc, re = e2lib.dofile2(path, g) if not rc then diff --git a/local/licence.lua b/local/licence.lua index c3faabc..09aab3c 100644 --- a/local/licence.lua +++ b/local/licence.lua @@ -158,19 +158,22 @@ function licence.load_licence_config(info) e2lib.logf(3, "loading licence config %q", path) e = err.new("loading licence config %q failed", path) - ltable = {} - local function assign(table) - for k,v in pairs(table) do - ltable[k] = v - end - end + ltable = nil + local g = { + e2licence = function(data) ltable = data end, + env = info.env, + string = e2lib.safe_string_table(), + } - rc, re = e2lib.dofile2(path, - { e2licence = assign, env = info.env, string = string }) + rc, re = e2lib.dofile2(path, g) if not rc then return false, re end + if type(ltable) ~= "table" then + return false, e:append("empty or invalid licence configuration") + end + for k,v in pairs(ltable) do if type(k) ~= "string" then return false, e:append("key %q is not a string", tostring(k))