This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftAsk a Pro
oeed's profile picture

Sandboxed FS (global and local files)

Started by oeed, 22 January 2014 - 04:38 PM
oeed #1

oeed's profile picture

2151 posts

Location Auckland, New Zealand

Posted 22 January 2014 - 05:38 PM
Essentially, in the OS I'm making programs are run in a sandboxed environment to prevent them from shutting the computer down, not overwriting items in the global environment etc. All programs are run in their own folder, with the main file called startup. If there are any APIs, images, etc. they are placed in this folder, then when they are accessed their path acts like they are in the root folder. For example, if you had a file in the program folder called 'text' you could open it with:

fs.open('text', 'r')

This works perfectly fine and is designed so every program will work. However, a problem arises when the program needs to access a file thats not in the programs folder, for example if it were a text editor. To solve this I tried adding true to all FS calls that needed to access global files. This does work, it's not idea as it has to be added, but it works. The only issue is, if you then try to run a program with fs.func(…, true) an error such as 'Expected string' is thrown. Obviously, I don't want to have to make a special version for each program. Thoughts?
CometWolf #2

CometWolf's profile picture

1281 posts

Posted 22 January 2014 - 05:50 PM
Im confused, wouldn't a simple override like you've described(i think?) be enough? I mean, aslong as you override the function in the global table, or your os's global table(provided it has a seperate)

local fsBack = fs.open
fs.open = function(...)
  local tARg = {...}
  if tArg[3] == true then
	return fsBack(tArg[1],tArg[2])
  else
	return fsBack(folderPath..tArg[1],tArg[2])
  end
end
Edited on 22 January 2014 - 04:54 PM
Symmetryc #3

Symmetryc's profile picture

500 posts

Posted 22 January 2014 - 05:54 PM
Hmm, if I understand correctly, maybe using a different mode string all together would work. E.g. if you used "~", then fs.open("text", "r") would return a file handle which would read from the program's "text" file, but fs.open("text", "r~") would return a file handle that reads from the root "text" file. This would also work with "w" ("w~") and "a" ("a~").

Edit: The above seems like a better option actually.
Edited on 22 January 2014 - 04:55 PM
oeed #4

oeed's profile picture

2151 posts

Location Auckland, New Zealand

Posted 22 January 2014 - 07:06 PM
CometWolf, on 22 January 2014 - 05:50 PM said:
Im confused, wouldn't a simple override like you've described(i think?) be enough? I mean, aslong as you override the function in the global table, or your os's global table(provided it has a seperate)

local fsBack = fs.open
fs.open = function(...)
  local tARg = {...}
  if tArg[3] == true then
	return fsBack(tArg[1],tArg[2])
  else
	return fsBack(folderPath..tArg[1],tArg[2])
  end
end

That would probably work. The only issue is making it work on non-OS run versions.
Lyqyd #5

Lyqyd's profile picture

8543 posts

Posted 22 January 2014 - 07:44 PM
This sounds like an overly simplified brute force approach to sandboxing. Wouldn't it be better to use an actual file/function call permissions system so that programs may not access resources they don't have permissions to use?
oeed #6

oeed's profile picture

2151 posts

Location Auckland, New Zealand

Posted 22 January 2014 - 08:41 PM
Lyqyd, on 22 January 2014 - 07:44 PM said:
This sounds like an overly simplified brute force approach to sandboxing. Wouldn't it be better to use an actual file/function call permissions system so that programs may not access resources they don't have permissions to use?

I'm not concerned about permissions, it overly complicates it. It's more the fact that I can't have every programs APIs, settings, etc. in the root folder. I somehow need to allow programs to access both their local files and the global files.