From e3e383207066786406b40740e8434d6aa8fe66f8 Mon Sep 17 00:00:00 2001
From: Mark Vejvoda <mark_vejvoda@hotmail.com>
Date: Thu, 11 Oct 2012 05:17:37 +0000
Subject: [PATCH] - added first round of security sandboxing for lua scripts
 (disable the os library)

---
 source/glest_game/game/script_manager.cpp    | 40 ++++++++++++++------
 source/glest_game/main/main.cpp              |  5 +++
 source/shared_lib/include/lua/lua_script.h   |  4 ++
 source/shared_lib/sources/lua/lua_script.cpp | 17 ++++++++-
 4 files changed, 53 insertions(+), 13 deletions(-)

diff --git a/source/glest_game/game/script_manager.cpp b/source/glest_game/game/script_manager.cpp
index abcf2118a..d8a2f408d 100644
--- a/source/glest_game/game/script_manager.cpp
+++ b/source/glest_game/game/script_manager.cpp
@@ -411,20 +411,36 @@ void ScriptManager::init(World* world, GameCamera *gameCamera, const XmlNode *ro
 
 	if(SystemFlags::getSystemSettingType(SystemFlags::debugLUA).enabled) SystemFlags::OutputDebug(SystemFlags::debugLUA,"In [%s::%s Line: %d]\n",__FILE__,__FUNCTION__,__LINE__);
 
-	// Setup global functions and vars here
-	luaScript.beginCall("global");
-	luaScript.endCall();
-
-	//call startup function
-	if(this->rootNode == NULL) {
-		luaScript.beginCall("startup");
+	try {
+		// Setup global functions and vars here
+		luaScript.beginCall("global");
 		luaScript.endCall();
-	}
-	else {
-		loadGame(this->rootNode);
-		this->rootNode = NULL;
-	}
 
+		//call startup function
+		if(this->rootNode == NULL) {
+			luaScript.beginCall("startup");
+			luaScript.endCall();
+		}
+		else {
+			loadGame(this->rootNode);
+			this->rootNode = NULL;
+		}
+	}
+	catch(const megaglest_runtime_error &ex) {
+		string sErrBuf = "";
+		//if(ex.wantStackTrace() == true) {
+			char szErrBuf[8096]="";
+			sprintf(szErrBuf,"In [%s::%s %d]",__FILE__,__FUNCTION__,__LINE__);
+			sErrBuf = string(szErrBuf) + string("\nerror [") + string(ex.what()) + string("]\n");
+		//}
+		SystemFlags::OutputDebug(SystemFlags::debugError,sErrBuf.c_str());
+		if(SystemFlags::getSystemSettingType(SystemFlags::debugSystem).enabled) SystemFlags::OutputDebug(SystemFlags::debugSystem,sErrBuf.c_str());
+
+		ScriptManager_STREFLOP_Wrapper streflopWrapper;
+
+		messageQueue.push_back(ScriptManagerMessage(sErrBuf.c_str(), "error"));
+		onMessageBoxOk(false);
+	}
 	if(SystemFlags::getSystemSettingType(SystemFlags::debugLUA).enabled) SystemFlags::OutputDebug(SystemFlags::debugLUA,"In [%s::%s Line: %d]\n",__FILE__,__FUNCTION__,__LINE__);
 }
 
diff --git a/source/glest_game/main/main.cpp b/source/glest_game/main/main.cpp
index 0d7ffe009..cfc694d5e 100644
--- a/source/glest_game/main/main.cpp
+++ b/source/glest_game/main/main.cpp
@@ -49,6 +49,7 @@
 #include <locale.h>
 #include "string_utils.h"
 #include "auto_test.h"
+#include "lua_script.h"
 
 // To handle signal catching
 #if defined(__GNUC__) && !defined(__MINGW32__) && !defined(__FreeBSD__) && !defined(BSD)
@@ -3206,6 +3207,10 @@ int glestMain(int argc, char** argv) {
 		Config &config = Config::getInstance();
 		setupGameItemPaths(argc, argv, &config);
 
+		if(config.getBool("DisableLuaSandbox","false") == true) {
+			LuaScript::setDisableSandbox(true);
+		}
+
 		Socket::setBroadCastPort(config.getInt("BroadcastPort",intToStr(Socket::getBroadCastPort()).c_str()));
 
 		Socket::disableNagle = config.getBool("DisableNagle","false");
diff --git a/source/shared_lib/include/lua/lua_script.h b/source/shared_lib/include/lua/lua_script.h
index 1e32dd7d7..fd9561813 100644
--- a/source/shared_lib/include/lua/lua_script.h
+++ b/source/shared_lib/include/lua/lua_script.h
@@ -42,12 +42,16 @@ private:
 	string sandboxWrapperFunctionName;
 	string sandboxCode;
 
+	static bool disableSandbox;
+
 	void DumpGlobals();
 
 public:
 	LuaScript();
 	~LuaScript();
 
+	static void setDisableSandbox(bool value) { disableSandbox = value; }
+
 	void loadCode(string code, string name);
 
 	void beginCall(string functionName);
diff --git a/source/shared_lib/sources/lua/lua_script.cpp b/source/shared_lib/sources/lua/lua_script.cpp
index fd1864515..01b263a92 100644
--- a/source/shared_lib/sources/lua/lua_script.cpp
+++ b/source/shared_lib/sources/lua/lua_script.cpp
@@ -45,6 +45,8 @@ public:
 //	class LuaScript
 // =====================================================
 
+bool LuaScript::disableSandbox = false;
+
 LuaScript::LuaScript() {
 	Lua_STREFLOP_Wrapper streflopWrapper;
 
@@ -56,11 +58,24 @@ LuaScript::LuaScript() {
 
 	luaL_openlibs(luaState);
 
-	if(luaState==NULL){
+	if(luaState == NULL) {
 		throw megaglest_runtime_error("Can not allocate lua state");
 	}
 
 	argumentCount= -1;
+
+	if(disableSandbox == false) {
+		lua_getglobal(luaState, "os");
+		lua_pushnil(luaState);
+		lua_setfield(luaState, -2, "execute");
+		lua_pushnil(luaState);
+		lua_setfield(luaState, -2, "rename");
+		lua_pushnil(luaState);
+		lua_setfield(luaState, -2, "remove");
+		lua_pushnil(luaState);
+		lua_setfield(luaState, -2, "exit");
+		lua_pop(luaState, 1);
+	}
 }
 
 void LuaScript::DumpGlobals()