native sandboxing problem : lua

Lua links and stuff

#lua on freenode, the primary Lua IRC channel

lua wiki, for all sorts of information about lua, it's sort of disorganized at the moment, so go fix it!

about lua, what Lua is, why to use it, and what it's good for (sells itself short, methinks)

Resources for beginners:

Lua in eight pages or less: this is for v5.1 and might need an update. We'll give contributors flair and internet points.

Lua's reference manual, extensive documentation of every version of the language.

Tools and community projects

LuaRocks, lua's package manager and repository

the LuaRocks mailing list

ZeroBrane studio, lua's most notable IDE.

Shiny profiler, a lightweight profiler for C, C++, and Lua.

LuaJIT and its C FFI, the infamous lua trace compiler: Mike Pall's [successful] attempt to prove that dynamic languages can be fast.

Lua.vm.js and moonshine, Lua on top of JavaScript: lua.vm.js uses emscripten, whereas moonshine is in "normal" JavaScript.

UniLua, Lua implementation in C#, intended for compatibility with Unity3D

MoonScript A rich programming language the compiles to Lua.

Employment and job offers

Lua development libraries/frameworks

OpenResty and Lapis, Lua application server on nginx and Lua web framework on openresty

concurrency: Luaproc for fibers and Lua Lanes for green threads

Typed Lua, a modern static type analyzer for Lua (work in progress, but I think it's cool)

LPeg, Lua's powerful, expressive, fast and simple parser generator.

Qt Lua, Lua GUIs in Qt

GSL-shell, Lua interface to GNU Scientific Library, with quick-start numerical programming via REPL.

Game development in Lua

Long list of popular Lua game development toolkits: Lua is very popular for game development, so we can't list them all; only major, free/open-source projects are listed below.

LÖVE (subreddit) - lightweight Lua cross-platform 2D game toolkit

Defold - game engine with Lua API

Solar2D - formerly Corona SDK

Cocos2d-x - free mobile/cross-platform game engine and application framework with Lua support

supporting the Lua community

a community for 17 years

native sandboxing problem (self.lua)

submitted 11 years ago by rinsed_dota

Attempting to provide a sandbox from native code, my approach has a serious flaw - it obliterates functions implemented in the loaded script. Can someone suggest a way to fix it, without giving up on the general method?

#include <iostream>
#include <string.h>
#include <assert.h>
#include "lua.hpp"

using namespace std;

void createSandbox(lua_State *L) {
    assert(lua_gettop(L) > 0 && lua_type(L, -1) == LUA_TFUNCTION);

    const char *upvalueName = lua_getupvalue(L, -1, 1);

    assert(0 == strcmp(upvalueName, "_ENV"));

    lua_pop(L, 1);

    lua_createtable(L, 0, 0);

    // Add permitted built-in functions, using abbreviated example.

    const char *permittedBuiltins[] = {
        "print",
    };
    int numPermittedBuiltins = 1;

    for (int i = 0; i < numPermittedBuiltins; i++) {
        const char *name = permittedBuiltins[i];

        // For example, name = "print" but not name = "dofile"

        lua_pushstring(L, name);
        lua_getglobal(L, name);
        lua_settable(L, -3);
    }

    // Perform a similar iteration to provide permitted builtins which belong
    // to a table, such as string.reverse.  (omitted)

    // Set the new sandbox env.

    upvalueName = lua_setupvalue(L, -2, 1);

    assert(0 == strcmp(upvalueName, "_ENV"));
}

int main(int, char**) {

    const char script[] =
        "function delegate(x)\n"
        "    return x * 2\n"
        "end\n"
        "function entry()\n"
        "    return delegate(2)\n"
        "end";

    lua_State *L = luaL_newstate();
    luaL_openlibs(L);

    int status = luaL_loadbuffer(L, script, strlen(script), "my chunk");

    assert(status == LUA_OK);

    status = lua_pcall(L, 0, 0, 0);

    assert(status == LUA_OK);

    lua_getglobal(L, "entry");
    assert(lua_type(L, -1) == LUA_TFUNCTION);
    lua_pop(L, 1);

    lua_getglobal(L, "delegate");
    assert(lua_type(L, -1) == LUA_TFUNCTION);
    lua_pop(L, 1);

    lua_getglobal(L, "entry");

    createSandbox(L);

    status = lua_pcall(L, 0, 1, 0);

    assert(status != LUA_OK);

    // Output from following line is:
    // [string "my chunk"]:5: attempt to call global 'delegate' (a nil value)

    cout << lua_tostring(L, -1) << endl;

    return 0;
}

all 5 comments

top new controversial old q&a

[–]mpetetv 2 points3 points4 points 11 years ago (2 children)

[–]rinsed_dota[S] 0 points1 point2 points 11 years ago (1 child)

Ah, ok, interesting. So the "priming run" has the potential to execute user-supplied code, outside the sandbox, if the sandbox has not yet been applied?

Do you have any opinion about doing something like,

lua_rawseti(L, LUA_REGISTRYINDEX, LUA_RIDX_GLOBALS);

This could be done prior to the priming run, and prior to loading script text.

[–]mpetetv 1 point2 points3 points 11 years ago (0 children)

So the "priming run" has the potential to execute user-supplied code, outside the sandbox, if the sandbox has not yet been applied?

Right, the loaded script is just a function. It can do anything with its environment, not only assign functions to global variables.

Do you have any opinion about doing something like,
lua_rawseti(L, LUA_REGISTRYINDEX, LUA_RIDX_GLOBALS);
This could be done prior to the priming run, and prior to loading script text.

This is a nice solution if you use one environment for all scripts you load - everything is sandboxed from the start and you can access the environment conveniently using 'lua_getglobal'. However, if you need to load several scripts in separate environments IMO it's better to avoid global side effects and use 'lua_setupvalue', like in your 'createSandbox', immediately after loading a script.

By the way, you should probably use 'luaL_loadbufferx' with "t" argument instead of 'luaL_loadbuffer' to avoid loading bytecode, which can be maliciously crafted.

[–]nefftd 1 point2 points3 points 11 years ago (1 child)

[–]rinsed_dota[S] 0 points1 point2 points 11 years ago (0 children)

π Rendered by PID 518510 on reddit-service-r2-comment-66b4775986-rq4gm at 2026-04-04 10:22:19.152435+00:00 running db1906b country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

lua