Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 82747e3
Don't run lua triggers in a sandbox, we do want os.execute
Baptiste Daroussin committed 5 years ago
commit 82747e3ab7a38fd42252d3be8daf7ce7e555b87f
parent 0d0ab01
5 files changed +9 -16
modified libpkg/lua.c
@@ -415,7 +415,7 @@ lua_os_exit(lua_State *L)
}



void
- 
lua_override_ios(lua_State *L)
+ 
lua_override_ios(lua_State *L, bool sandboxed)

{

	lua_getglobal(L, "io");

	lua_pushcfunction(L, lua_io_open);
@@ -426,8 +426,10 @@ lua_override_ios(lua_State *L)
	lua_setfield(L, -2, "remove");

	lua_pushcfunction(L, lua_os_rename);

	lua_setfield(L, -2, "rename");
- 
	lua_pushcfunction(L, lua_os_execute);
- 
	lua_setfield(L, -2, "execute");
+ 
	if (sandboxed) {
+ 
		lua_pushcfunction(L, lua_os_execute);
+ 
		lua_setfield(L, -2, "execute");
+ 
	}

	lua_pushcfunction(L, lua_os_exit);

	lua_setfield(L, -2, "exit");

}
modified libpkg/lua_scripts.c
@@ -114,7 +114,7 @@ pkg_lua_script_run(struct pkg * const pkg, pkg_lua_script type, bool upgrade)
			lua_pushcfunction(L, lua_print_msg);

			luaL_newlib(L, pkg_lib);

			lua_setglobal(L, "pkg");
- 
			lua_override_ios(L);
+ 
			lua_override_ios(L, true);

#ifdef HAVE_CAPSICUM

			if (cap_enter() < 0 && errno != ENOSYS) {

				err(1, "cap_enter failed");
modified libpkg/pkg_ports.c
@@ -719,7 +719,7 @@ apply_keyword_file(ucl_object_t *obj, struct plist *p, char *line, struct file_a
		lua_args_table(L, args, argc);

		luaL_newlib(L, plist_lib);

		lua_setglobal(L, "pkg");
- 
		lua_override_ios(L);
+ 
		lua_override_ios(L, false);

		pkg_debug(3, "Scripts: executing lua\n--- BEGIN ---"

		    "\n%s\nScripts: --- END ---", ucl_object_tostring(o));

		if (luaL_dostring(L, ucl_object_tostring(o))) {
modified libpkg/private/lua.h
@@ -32,6 +32,6 @@ int lua_print_msg(lua_State *L);
int lua_pkg_copy(lua_State *L);

int lua_pkg_filecmp(lua_State *L);

int lua_prefix_path(lua_State *L);
- 
void lua_override_ios(lua_State *L);
+ 
void lua_override_ios(lua_State *L, bool);

int lua_stat(lua_State *L);

void lua_args_table(lua_State *L, char **argv, int argc);
modified libpkg/triggers.c
@@ -26,10 +26,6 @@


#include "pkg_config.h"
- 
#ifdef HAVE_CAPSICUM
- 
#include <sys/capsicum.h>
- 
#endif
- 


#include <sys/stat.h>

#include <sys/wait.h>
@@ -384,7 +380,7 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
	if (pid == 0) {

		L = luaL_newstate();

		luaL_openlibs(L);
- 
		lua_override_ios(L);
+ 
		lua_override_ios(L, false);

		char *dir;

		char **arguments = NULL;

		int i = 0;
@@ -395,11 +391,6 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
			});

		}

		lua_args_table(L, arguments, i);
- 
#ifdef HAVE_CAPSICUM
- 
		if (cap_enter() < 0 && errno != ENOSYS) {
- 
			err(1, "cap_enter failed");
- 
		}
- 
#endif

		if (luaL_dostring(L, script)) {

			pkg_emit_error("Failed to execute lua trigger: "

					"%s", lua_tostring(L, -1));