Commit 82747e3a authored by Baptiste Daroussin

Don't run lua triggers in a sandbox, we do want os.execute

parent 0d0ab01f
......@@ -415,7 +415,7 @@ lua_os_exit(lua_State *L)
}
void
lua_override_ios(lua_State *L)
lua_override_ios(lua_State *L, bool sandboxed)
{
lua_getglobal(L, "io");
lua_pushcfunction(L, lua_io_open);
......@@ -426,8 +426,10 @@ lua_override_ios(lua_State *L)
lua_setfield(L, -2, "remove");
lua_pushcfunction(L, lua_os_rename);
lua_setfield(L, -2, "rename");
lua_pushcfunction(L, lua_os_execute);
lua_setfield(L, -2, "execute");
if (sandboxed) {
lua_pushcfunction(L, lua_os_execute);
lua_setfield(L, -2, "execute");
}
lua_pushcfunction(L, lua_os_exit);
lua_setfield(L, -2, "exit");
}
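Review bot: The new `sandboxed` parameter of lua_override_ios is undocumented and its effect is easy to misread: in the `if (sandboxed)` branch a true value installs the lua_os_execute override, while false leaves whatever `os.execute` the Lua state already carries. With false, the io.open, os.remove and os.rename overrides that stay in place can presumably be sidestepped by running a command, so they should not be read as confinement in that mode. I would add a comment above the function such as `/* sandboxed: replace os.execute with the pkg override; when false the stock os.execute stays and the remaining overrides are not a security boundary */`. The middle of the function body lies between the two hunks and is not visible here.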
......@@ -114,7 +114,7 @@ pkg_lua_script_run(struct pkg * const pkg, pkg_lua_script type, bool upgrade)
lua_pushcfunction(L, lua_print_msg);
luaL_newlib(L, pkg_lib);
lua_setglobal(L, "pkg");
lua_override_ios(L);
lua_override_ios(L, true);
#ifdef HAVE_CAPSICUM
if (cap_enter() < 0 && errno != ENOSYS) {
err(1, "cap_enter failed");
......
......@@ -719,7 +719,7 @@ apply_keyword_file(ucl_object_t *obj, struct plist *p, char *line, struct file_a
lua_args_table(L, args, argc);
luaL_newlib(L, plist_lib);
lua_setglobal(L, "pkg");
lua_override_ios(L);
lua_override_ios(L, false);
pkg_debug(3, "Scripts: executing lua\n--- BEGIN ---"
"\n%s\nScripts: --- END ---", ucl_object_tostring(o));
if (luaL_dostring(L, ucl_object_tostring(o))) {
......
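Review bot: The call in apply_keyword_file now passes `false`, which leaves the stock `os.execute` available to Lua embedded in keyword files, although the commit message only mentions triggers. If that is intended, a short comment at the call, for example `/* keyword Lua needs os.execute; keyword files are treated as trusted input */`, would record the decision; if it is not, this call should pass `true`. Whether this path enters capability mode is not visible in the hunk, so the effective restriction cannot be judged from the diff alone. The function starts and ends outside the hunk.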
......@@ -32,6 +32,6 @@ int lua_print_msg(lua_State *L);
int lua_pkg_copy(lua_State *L);
int lua_pkg_filecmp(lua_State *L);
int lua_prefix_path(lua_State *L);
void lua_override_ios(lua_State *L);
void lua_override_ios(lua_State *L, bool);
int lua_stat(lua_State *L);
void lua_args_table(lua_State *L, char **argv, int argc);
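Review bot: The updated prototype `void lua_override_ios(lua_State *L, bool);` drops the parameter name, so a reader of the header cannot tell what `true` or `false` means at the three call sites. I would write `void lua_override_ios(lua_State *L, bool sandboxed);` to match the definition. The header also needs `bool` in scope, for instance through `<stdbool.h>`; its include list is not visible in this hunk.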
......@@ -26,10 +26,6 @@
#include "pkg_config.h"
#ifdef HAVE_CAPSICUM
#include <sys/capsicum.h>
#endif
#include <sys/stat.h>
#include <sys/wait.h>
......@@ -384,7 +380,7 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
if (pid == 0) {
L = luaL_newstate();
luaL_openlibs(L);
lua_override_ios(L);
lua_override_ios(L, false);
char *dir;
char **arguments = NULL;
int i = 0;
......@@ -395,11 +391,6 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
});
}
lua_args_table(L, arguments, i);
#ifdef HAVE_CAPSICUM
if (cap_enter() < 0 && errno != ENOSYS) {
err(1, "cap_enter failed");
}
#endif
if (luaL_dostring(L, script)) {
pkg_emit_error("Failed to execute lua trigger: "
"%s", lua_tostring(L, -1));
......
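Review bot: With `lua_override_ios(L, false)` and the `cap_enter()` block removed, the forked child in trigger_execute_lua runs the trigger script with no capability-mode confinement and an unrestricted `os.execute`, so a trigger runs with the full privileges of the pkg process. That matches the stated goal, but it leaves the origin of `script` as the only remaining control, and nothing in the hunk documents that. I would add a comment before `luaL_dostring(L, script)` such as `/* Triggers run unsandboxed with pkg's privileges; script must come from a trusted trigger file */`, and confirm that the caller only loads triggers from locations unprivileged users cannot write to. The function starts and ends outside these hunks.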