95 posts
Location
Somewhere near the local computer store?
Posted 26 December 2012 - 04:25 PM
Hello, I'm trying to create a environment for os.run, but it won't operate as a blacklist/whitelist. So my question is how do I setup a blacklist/whitelist enviroment where I can include/un-include APIS and functions, Thanks…
1548 posts
Location
That dark shadow under your bed...
Posted 26 December 2012 - 07:10 PM
well os.run accepts two parameters. the first is the program's environment and the second is the program path, if something is not found in the environment you specified it tries the global one so all you have to do is make a value in your environment for the apis you want to ban. here is an example
create a file. call it test. the contents will be
term.write("this is a test message")
execute the file and make sure "this is a test message" shows, then try saying
os.run({term={}},"test")
it will say that on line one you attempted to call nil because now term is an empty table so term.write is nil
95 posts
Location
Somewhere near the local computer store?
Posted 27 December 2012 - 11:32 AM
Thank you very much KaoS, this was very helpful. Now all my programs can have an execution enviroment inside my os and other (user-made) programs are limited. And how could I make a system-level only function that any-program can access. Like my program can call execution.allowFullEnviroment() and have access to the full enviroment, but the other user-made program can't. Also if I block the fs and IO api's and I make a function for read/write temporary files (that use the fs or IO functions) be blocked? Thanks again :)/>
95 posts
Location
Somewhere near the local computer store?
Posted 27 December 2012 - 12:04 PM
Hello, i've made a topic before asking about something similar to this. But my question is now, how do I not allow an API except certain functions in it.
env = {}
env.term = {}
os.run(env, programName)
this makes an entire api obsolete. Say i want term.write(), well that makes term.write() obsolete to. So how do I include term.write() but nothing else?
*term api used as an example
1688 posts
Location
'MURICA
Posted 27 December 2012 - 12:15 PM
Just define the term.write function in your "fake" environment.
env = {
term = {
write = term.write;
}
}
os.run(env, programName)
95 posts
Location
Somewhere near the local computer store?
Posted 27 December 2012 - 12:20 PM
Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8543 posts
Posted 27 December 2012 - 02:02 PM
Don't post two topics for the same question, please. Threads merged.
1548 posts
Location
That dark shadow under your bed...
Posted 27 December 2012 - 10:08 PM
there is no way to merge the two environments without overwriting the local changes and replacing them with global changes… you can add a system to edit metatables of the environment during execution etc but the only thing I would do in your case is make a function that returns _G (you should always block _G in your environment or they can just say _G.term.clear() to access banned apis). so you call this function and it returns the _G table which contains everything
so if the function was called getGlobal() then to access hidden APIS you would say
getGlobal().term.restore()
I am not entirely sure where you are going with this though. I would just launch some files with a custom environment blocking stuff and launch other files with the full environment
EDIT: wait a second…. if you would execute this admin rights thing right at the start of the program I can make it work
Edited on 27 December 2012 - 09:10 PM
95 posts
Location
Somewhere near the local computer store?
Posted 28 December 2012 - 07:31 AM
Ok, thats pretty much what i'm doing KaoS. Whenever I need to execute a program, I just call a custom API (called execute and the function is run(sProgramName), And this would allow me to execute through-out all the OS without having to rewrite the enviroment everytime. Now say a program calls a blocked function, it will error nil and stop, so will calling os.run({}, MyMainThreadForOS) after fix the problem with the program stoping the whole OS? Also, I would want a full eniroment for OS files, but I can't do
if sProgramName == "OsFile"
Because then a maliciuos developer coul just over-write it (make a program named the same as an OS file in the system directory). To fix this I could block access to modifying system, but, how do I do this?