This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftGeneral
Kn3ff3tS's profile picture

[REQUEST] Server security system

Started by Kn3ff3tS, 02 January 2015 - 03:46 PM
Kn3ff3tS #1

Kn3ff3tS's profile picture

5 posts

Posted 02 January 2015 - 04:46 PM
I need a server security system with a restricted shell, and remote file access/administration!

Please can someone help me?


PM me on skype(deinvorbild3) or write it under the topic.
Lyqyd #2

Lyqyd's profile picture

8543 posts

Posted 02 January 2015 - 05:19 PM
Moved to General.
NanoBob #3

NanoBob's profile picture

105 posts

Posted 02 January 2015 - 06:08 PM
Please explain further what it is you want to be done, in detail.
SquidDev #4

SquidDev's profile picture

1426 posts

Location Does anyone put something serious here?

Posted 02 January 2015 - 06:16 PM
For a restricted shell, I presume you mean sandboxing. The Lua wiki has a very useful page on this. Sandboxes are in general very tricky. I'll put some example stuff in a spoiler.
SpoilerThis is a basic sandbox of sorts:

-- This is a special table that holds the environment.
-- There is a tutorial on metatables here: http://lua-users.org/wiki/MetamethodsTutorial
local sandEnv = setmetatable({}, {__index = getfenv(), __metatable = {}})

local function banned() error("Cannot use this function", 2) end -- Use for disabled functions

-- Disable filesystem. I don''t know what you want to do but it is an example
sandEnv.fs = setmetatable({}, {__index = banned})
sandEnv.loadfile = banned
sandEnv.dofile = banned
-- Should disable os.run as well but meh.

-- Load the file and set it to run in the sandbox
setfenv(loadfile('something.lua'), sandEnv)()

Example file to run:

print("HELLO")
local a = fs.open('file', 'w') -- Breaks
loadfile('Something.lua')() -- Breaks

-- But this works
local newEnv = getfenv(print)
newEnv.loadfile('Something.lua')()

This sandbox fixes that, but I'm sure there are ways round it.
Spoiler

-- This is a special table that holds the environment.
-- There is a tutorial on metatables here: http://lua-users.org/wiki/MetamethodsTutorial
local sandEnv = setmetatable({}, {__index = getfenv(), __metatable = {}})

local function banned() error("Cannot use this function", 2) end -- Use for disabled functions

-- Disable filesystem. I don''t know what you want to do but it is an example
sandEnv.loadfile = banned
sandEnv._G = sandEnv

local envs = setmetatable({sandEnv = true}, {__mode="k"})
function sandEnv.getfenv(arg)
local env
if type(arg) == "function" then
env = getfenv(arg)
elseif arg == 0 then -- 'Global'
return sandEnv
elseif arg ~= nil then
env = getfenv(arg + 1) -- Increment stack by one
else
env = getfenv(2)
end

-- If we have never created this environment
-- then it must be outside the sandbox
-- hence we can use it
if not envs[env] then
print(env, " is invalid using ", sandEnv)
return sandEnv
end

return env
end

function sandEnv.setfenv(arg, env)
envs[env] = true
if type(arg) == "function" then
return setfenv(arg, env)
else
return setfenv(arg + 1, env) -- Increment stack by one
end
end

setfenv(function()

print("PRINT")
local newEnv = getfenv(print)
--newEnv.loadfile('Scrap.lua')
print("CURRENT")
local current = getfenv()
print(current)

setfenv(function()
print("INTERNAL")
print(getfenv())
end, setmetatable({}, {__index = current}))()

end, sandEnv)()

For 'remote file access/administration you might want to look at Lyqyd's NSH. This is SSH for Lua
Edited on 02 January 2015 - 06:16 PM
jaredallard #5

jaredallard's profile picture

124 posts

Location Seattle, WA

Posted 02 January 2015 - 06:29 PM
SquidDev, on 02 January 2015 - 06:16 PM said:
For a restricted shell, I presume you mean sandboxing. The Lua wiki has a very useful page on this. Sandboxes are in general very tricky. I'll put some example stuff in a spoiler.
SpoilerThis is a basic sandbox of sorts:

-- This is a special table that holds the environment.
-- There is a tutorial on metatables here: http://lua-users.org/wiki/MetamethodsTutorial
local sandEnv = setmetatable({}, {__index = getfenv(), __metatable = {}})

local function banned() error("Cannot use this function", 2) end -- Use for disabled functions

-- Disable filesystem. I don't know what you want to do but it is an example
sandEnv.fs = setmetatable({}, {__index = banned})
sandEnv.loadfile = banned
sandEnv.dofile = banned
-- Should disable os.run as well but meh.

-- Load the file and set it to run in the sandbox
setfenv(loadfile('something.lua'), sandEnv)()

Example file to run:

print("HELLO")
local a = fs.open('file', 'w') -- Breaks
loadfile('Something.lua')() -- Breaks

-- But this works
local newEnv = getfenv(print)
newEnv.loadfile('Something.lua')()

For 'remote file access/administration you might want to look at Lyqyd's NSH. This is SSH for Lua

It's not SSH, as nothing is encrypted, It's more like just some really effiecent remote shell, but in no way SSH.

SSH implies it's a Secure SHell

Only thing close to SSH (that I've seen) is my OpenSSH, but that only runs on ccLinux currently and doesn't support everything. Link anyways: OpenSSH
Edited on 02 January 2015 - 05:32 PM
Rougeminner #6

Rougeminner's profile picture

150 posts

Posted 03 January 2015 - 10:51 AM
do you mean a computercraft server or a minecraft server with computercraft on it? if you mean the latter then you need to set the value of the rednet range to infinite (if possible) then you need to supply all computers made with a rednet modem. the code is pretty straight forward if you are a good programmer. remote file access can be done with ("drum roll") lyqyd's wonderful nsh script i use it on every computer i have. now administration code, i can supply with beta code. i built it about a month or two ago. still working a little on improvements,but the files are easily manageable. what do you mean by restricted shell, sandbox as SquidDev suggested, or do you mean restricted libraries?