From edbe3775535e7462ed7ab35f44ed7e00ab8699a5 Mon Sep 17 00:00:00 2001
From: Ulrik Sverdrup <ulrik.sverdrup@gmail.com>
Date: Wed, 24 Mar 2010 13:00:20 +0100
Subject: [PATCH] Make it impossible to access the operating system from Lua scripts

For security reasons, Lua scripts should not be able to read files or
run programs on the host computer; freeciv scenarios should only be
able to influence the state of the game, not the state of the server
process or computer (except through normal scenario events, such as
end of game).

For this reason, we do not load some standard lua libraries that allow
access to files or the operating system. We also disallow loading lua
libraries so that the script cannot go around this restriction.

This is the 2.1-branch version (Lua 5.0): we exclude the io library
('io' and 'os' modules) and blacklist functions dofile, loadfile and
require.

See gna bug #15624
---
 server/scripting/api.pkg   |   13 +++++++
 server/scripting/api_gen.c |   87 ++++++++++++++++++++++++--------------------
 server/scripting/api_gen.h |    2 +-
 server/scripting/script.c  |    2 +-
 4 files changed, 63 insertions(+), 41 deletions(-)

diff --git a/server/scripting/api.pkg b/server/scripting/api.pkg
index cdd74f7..22f17e4 100644
--- a/server/scripting/api.pkg
+++ b/server/scripting/api.pkg
@@ -202,6 +202,19 @@ module find {
 }
 
 $[
+--
+-- Blacklist unsafe builtin Lua functions
+-- NOTE: This list must be updated with each major Lua version!
+_freeciv_blacklist = {
+  "dofile",
+  "loadfile",
+  "require",
+}
+
+for index, symbol in ipairs(_freeciv_blacklist) do
+  _G[symbol] = nil
+end
+
 -- Dump the state of user scalar variables to a Lua code string.
 function _freeciv_state_dump()
   local res = ''
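Review bot: The loop ending in `_G[symbol] = nil` succeeds silently when a name in `_freeciv_blacklist` does not exist, so the `NOTE` about updating the list per Lua version is unenforced — a builtin that was renamed or moved in a newer Lua would simply stay reachable without any signal. A check before removal makes a stale list fail loudly at startup: `if _G[symbol] == nil then error("freeciv: blacklisted builtin '" .. symbol .. "' not found") end`. The table and `index` could also be `local` and `_`, since `_freeciv_blacklist` otherwise remains a global visible to every scenario script. Note too that `loadstring` stays available and, in Lua 5.0, accepts precompiled bytecode chunks; whether that is acceptable depends on how far the server trusts scenario authors, and is worth a comment either way.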
diff --git a/server/scripting/api_gen.c b/server/scripting/api_gen.c
index 0c38727..93125c3 100644
--- a/server/scripting/api_gen.c
+++ b/server/scripting/api_gen.c
@@ -1,6 +1,6 @@
 /*
 ** Lua binding: api
-** Generated automatically by tolua 5.0a on Sat Oct  3 18:52:02 2009.
+** Generated automatically by tolua 5.0a on Wed Mar 24 12:52:21 2010.
 */
 
 #ifndef __cplusplus
@@ -1647,47 +1647,56 @@ TOLUA_API int tolua_api_open (lua_State* tolua_S)
 
  { /* begin embedded lua code */
  static unsigned char B[] = {
-  10,102,117,110, 99,116,105,111,110, 32, 95,102,114,101,101,
-  99,105,118, 95,115,116, 97,116,101, 95,100,117,109,112, 40,
-  41, 10,108,111, 99, 97,108, 32,114,101,115, 32, 61, 32, 39,
-  39, 10,102,111,114, 32,107, 44, 32,118, 32,105,110, 32,112,
-  97,105,114,115, 40, 95, 71, 41, 32,100,111, 10,105,102, 32,
- 107, 32, 61, 61, 32, 39, 95, 86, 69, 82, 83, 73, 79, 78, 39,
-  32,116,104,101,110, 10,101,108,115,101,105,102, 32,116,121,
- 112,101, 40,118, 41, 32, 61, 61, 32, 39, 98,111,111,108,101,
-  97,110, 39, 10,111,114, 32,116,121,112,101, 40,118, 41, 32,
-  61, 61, 32, 39,110,117,109, 98,101,114, 39, 32,116,104,101,
- 110, 10,108,111, 99, 97,108, 32,114,118, 97,108,117,101, 32,
-  61, 32,116,111,115,116,114,105,110,103, 40,118, 41, 10,114,
+  10, 95,102,114,101,101, 99,105,118, 95, 98,108, 97, 99,107,
+ 108,105,115,116, 32, 61, 32,123, 10, 34,100,111,102,105,108,
+ 101, 34, 44, 10, 34,108,111, 97,100,102,105,108,101, 34, 44,
+  10, 34,114,101,113,117,105,114,101, 34, 44, 10,125, 10,102,
+ 111,114, 32,105,110,100,101,120, 44, 32,115,121,109, 98,111,
+ 108, 32,105,110, 32,105,112, 97,105,114,115, 40, 95,102,114,
+ 101,101, 99,105,118, 95, 98,108, 97, 99,107,108,105,115,116,
+  41, 32,100,111, 10, 95, 71, 91,115,121,109, 98,111,108, 93,
+  32, 61, 32,110,105,108, 10,101,110,100, 10,102,117,110, 99,
+ 116,105,111,110, 32, 95,102,114,101,101, 99,105,118, 95,115,
+ 116, 97,116,101, 95,100,117,109,112, 40, 41, 10,108,111, 99,
+  97,108, 32,114,101,115, 32, 61, 32, 39, 39, 10,102,111,114,
+  32,107, 44, 32,118, 32,105,110, 32,112, 97,105,114,115, 40,
+  95, 71, 41, 32,100,111, 10,105,102, 32,107, 32, 61, 61, 32,
+  39, 95, 86, 69, 82, 83, 73, 79, 78, 39, 32,116,104,101,110,
+  10,101,108,115,101,105,102, 32,116,121,112,101, 40,118, 41,
+  32, 61, 61, 32, 39, 98,111,111,108,101, 97,110, 39, 10,111,
+ 114, 32,116,121,112,101, 40,118, 41, 32, 61, 61, 32, 39,110,
+ 117,109, 98,101,114, 39, 32,116,104,101,110, 10,108,111, 99,
+  97,108, 32,114,118, 97,108,117,101, 32, 61, 32,116,111,115,
+ 116,114,105,110,103, 40,118, 41, 10,114,101,115, 32, 61, 32,
+ 114,101,115, 32, 46, 46, 32,107, 32, 46, 46, 32, 39, 61, 39,
+  32, 46, 46, 32,114,118, 97,108,117,101, 32, 46, 46, 32, 39,
+  92,110, 39, 10,101,108,115,101,105,102, 32,116,121,112,101,
+  40,118, 41, 32, 61, 61, 32, 39,115,116,114,105,110,103, 39,
+  32,116,104,101,110, 10,108,111, 99, 97,108, 32,114,118, 97,
+ 108,117,101, 32, 61, 32,115,116,114,105,110,103, 46,102,111,
+ 114,109, 97,116, 40, 39, 37,113, 39, 44, 32,118, 41, 10,114,
  101,115, 32, 61, 32,114,101,115, 32, 46, 46, 32,107, 32, 46,
   46, 32, 39, 61, 39, 32, 46, 46, 32,114,118, 97,108,117,101,
   32, 46, 46, 32, 39, 92,110, 39, 10,101,108,115,101,105,102,
-  32,116,121,112,101, 40,118, 41, 32, 61, 61, 32, 39,115,116,
- 114,105,110,103, 39, 32,116,104,101,110, 10,108,111, 99, 97,
- 108, 32,114,118, 97,108,117,101, 32, 61, 32,115,116,114,105,
- 110,103, 46,102,111,114,109, 97,116, 40, 39, 37,113, 39, 44,
-  32,118, 41, 10,114,101,115, 32, 61, 32,114,101,115, 32, 46,
-  46, 32,107, 32, 46, 46, 32, 39, 61, 39, 32, 46, 46, 32,114,
- 118, 97,108,117,101, 32, 46, 46, 32, 39, 92,110, 39, 10,101,
- 108,115,101,105,102, 32,116,121,112,101, 40,118, 41, 32, 61,
-  61, 32, 39,117,115,101,114,100, 97,116, 97, 39, 32,116,104,
- 101,110, 10,108,111, 99, 97,108, 32,109,101,116,104,111,100,
-  32, 61, 32,115,116,114,105,110,103, 46,108,111,119,101,114,
-  40,116,111,108,117, 97, 46,116,121,112,101, 40,118, 41, 41,
-  10,114,101,115, 32, 61, 32,114,101,115, 32, 46, 46, 32,107,
-  32, 46, 46, 32, 39, 61,102,105,110,100, 46, 39, 32, 46, 46,
-  32,109,101,116,104,111,100, 10,105,102, 32,109,101,116,104,
- 111,100, 32, 61, 61, 32, 39, 99,105,116,121, 39, 32,111,114,
-  32,109,101,116,104,111,100, 32, 61, 61, 32, 39,117,110,105,
- 116, 39, 32,116,104,101,110, 10,114,101,115, 32, 61, 32,114,
- 101,115, 32, 46, 46, 32, 39, 40,110,105,108, 44, 39, 32, 46,
-  46, 32,118, 46,105,100, 32, 46, 46, 32, 39, 41, 39, 10,101,
- 108,115,101, 10,114,101,115, 32, 61, 32,114,101,115, 32, 46,
-  46, 32, 39, 40, 39, 32, 46, 46, 32,118, 46,105,100, 32, 46,
-  46, 32, 39, 41, 39, 10,101,110,100, 10,114,101,115, 32, 61,
-  32,114,101,115, 32, 46, 46, 32, 39, 92,110, 39, 10,101,110,
- 100, 10,101,110,100, 10,114,101,116,117,114,110, 32,114,101,
- 115, 10,101,110,100,32
+  32,116,121,112,101, 40,118, 41, 32, 61, 61, 32, 39,117,115,
+ 101,114,100, 97,116, 97, 39, 32,116,104,101,110, 10,108,111,
+  99, 97,108, 32,109,101,116,104,111,100, 32, 61, 32,115,116,
+ 114,105,110,103, 46,108,111,119,101,114, 40,116,111,108,117,
+  97, 46,116,121,112,101, 40,118, 41, 41, 10,114,101,115, 32,
+  61, 32,114,101,115, 32, 46, 46, 32,107, 32, 46, 46, 32, 39,
+  61,102,105,110,100, 46, 39, 32, 46, 46, 32,109,101,116,104,
+ 111,100, 10,105,102, 32,109,101,116,104,111,100, 32, 61, 61,
+  32, 39, 99,105,116,121, 39, 32,111,114, 32,109,101,116,104,
+ 111,100, 32, 61, 61, 32, 39,117,110,105,116, 39, 32,116,104,
+ 101,110, 10,114,101,115, 32, 61, 32,114,101,115, 32, 46, 46,
+  32, 39, 40,110,105,108, 44, 39, 32, 46, 46, 32,118, 46,105,
+ 100, 32, 46, 46, 32, 39, 41, 39, 10,101,108,115,101, 10,114,
+ 101,115, 32, 61, 32,114,101,115, 32, 46, 46, 32, 39, 40, 39,
+  32, 46, 46, 32,118, 46,105,100, 32, 46, 46, 32, 39, 41, 39,
+  10,101,110,100, 10,114,101,115, 32, 61, 32,114,101,115, 32,
+  46, 46, 32, 39, 92,110, 39, 10,101,110,100, 10,101,110,100,
+  10,114,101,116,117,114,110, 32,114,101,115, 10,101,110,100,
+ 32
  };
  lua_dobuffer(tolua_S,(char*)B,sizeof(B),"tolua: embedded Lua code");
  } /* end of embedded lua code */
diff --git a/server/scripting/api_gen.h b/server/scripting/api_gen.h
index a3a5a44..13723b0 100644
--- a/server/scripting/api_gen.h
+++ b/server/scripting/api_gen.h
@@ -1,6 +1,6 @@
 /*
 ** Lua binding: api
-** Generated automatically by tolua 5.0a on Sat Oct  3 18:52:02 2009.
+** Generated automatically by tolua 5.0a on Wed Mar 24 12:52:21 2010.
 */
 
 /* Exported function */
diff --git a/server/scripting/script.c b/server/scripting/script.c
index 5302249..8e4643b 100644
--- a/server/scripting/script.c
+++ b/server/scripting/script.c
@@ -371,9 +371,9 @@ bool script_init(void)
       return FALSE;
     }
 
+    /* Open default libraries, excluding io */
     luaopen_base(state);
     luaopen_string(state);
-    luaopen_io(state);
     luaopen_debug(state);
     luaopen_table(state);
 
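Review bot: `luaopen_debug(state)` is still opened right after the new comment, so scenario scripts keep the `debug` library even though the commit's stated intent is to confine them to game state. The 5.0 debug functions give no file or OS access, but they let a script read and rewrite locals, upvalues and hooks of active functions, including the server's own API closures, which is hard to reason about as a sandbox boundary; if it is kept only for tracebacks, say so in the comment, otherwise drop it the same way `luaopen_io` was dropped. The comment could also record what the commit message explains, since in Lua 5.0 the io library is what provides both tables: `/* Open default libraries, excluding io (which in Lua 5.0 also provides 'os') */`. `script_init` starts before this hunk and continues after it.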
-- 
1.7.0

