1610 posts
Posted 05 March 2014 - 05:35 PM
ApeOS
Hello everyone,
This is my first OS, and it is VERY incomplete, but I wanted to get some feedback on what I have so far. Currently all the code is available on GitHub, and although there is no installer or anything yet, you can use the component parts of the OS as they are.
Download
pastebin get wPtGKMam gitget
gitget apemanzilla ApeOs
mv downloads/ApeOs/system /
mkdir app_data
rm downloads
Setup
To use the OS once you download it (see above) run this shell command:
system/system.luaThis will load the BIOS, globals, APIs and configs for the OS.
Features
Although incomplete, you can use the features of the OS via shell:
Sandboxed Shell
system/shell.luaThis is a version of the shell that runs programs within the sandbox automatically.
Note: Will crash if you have not run "system/system.lua"
Note: If you don't see your programs in the protected shell, it's because it's checking the app_data folder. Try ../program if it's in the root, or move the program to the app_data folder.
Note: Although this will work for most programs, many may crash while sandboxed!
Sandboxed programs
system/startProgram.lua [program] [args:{}]I highly recommend using the protected shell over this, but you can use this if you like.
This starts the given program within the sandbox to limit its capabilities. The "args:{}" argument specifies arguments to pass to the program, in the form of a serialized table. Example:
system/startProgram.lua rom/programs/edit args:{[1]="a_file",}will run "edit" within the sandbox, editing "a_file."
Note: Will crash if you have not run "system/system.lua"
Note: Although this will work for most programs, many may crash while sandboxed!
Sandbox
If you haven't heard of the term before, you're probably wondering what the sandbox is. The sandbox is a special environment in which functions (or, in this case, programs) are run to limit their capabilities. This is extremely useful when dealing with suspicious programs, or just in general to prevent a virus crippling your system.
In ApeOS, the sandbox is a core part of the OS. The default sandbox does the following:
- Limits fs API calls to the sandbox folder - "app_data" by default - io.open included
- Disables certain functions of the help API
- Disables overwriting the coroutine globals table
- Disables setfenv and getfenv
- Disables dofile, loadfile, and loadstring
- Overwrites the shutdown and reboot functions to ask for player's permission (Incomplete)
- Disables term.redirect and term.restore
- Limits shell API to sandbox folder - "app_data" by default
- Disables access to generic global variables,
Planned features
- Optional GUI
- Various bugfixes
- Installer
- Updater
- Configurable sandbox(es)
Bugs
- shell.resolve and shell.resolveProgram not completely functional
Changelog
Version 0.1a to 0.11a
- Rewrite of safe_fs and safe_shell APIs to fix major security hole
- Modifications to default sandbox
- Changes to protected shell to error out less
- Initial release
Edited on 06 March 2014 - 02:12 AM
