Lua setfenv/metatable sandbox won't work with ROBLOX methods
In ROBLOX Lua, I'm writing a game that involves users creating and running Lua scripts. Obviously, I need to prevent the use of certain services and functions, such as the Kick function on the Player class, or anything related to DataStore or TeleportService.

So far, I've been successful at making a sandboxed environment by using setfenv to set a function's environment to a metatable, which is attached to a "sandbox" table. On __index, if nothing is found in the sandbox table, it looks in the real environment as it normally would. This allows me to put fake functions in the sandbox table that will be used instead of their real counterparts.
However, let's say I sandboxed the ClearAllChildren function. Players could escape the sandbox by doing this:

    someobject.Parent.someobject:ClearAllChildren()

This is because getting an instance's parent gives them the real version as opposed to the sandboxed version. This flaw can be pulled off in many other ways, too.
So I made an object wrapper. Calling wrap(obj) on an instance returns a fake version created with newproxy(true). The __index of its metatable makes sure that any child of the object (or an instance property such as Parent) returns a wrapped version.
My issue is with the way I have my wrapper set up. Attempting to call a method on an object inside the sandbox, like this:

    x = someobject:GetChildren()

results in the following error:

    Expected ':' not '.' calling member function GetChildren

Here's the full code for my sandbox currently:

    local _env = getfenv(); -- main environment

    -- custom object wrapper
    function wrap(obj)
        if pcall(function() return obj.IsA end) then -- hacky way to make sure it's real
            local realobj = obj;
            local fakeobj = newproxy(true);
            local meta = getmetatable(fakeobj);
            meta['__index'] = function(_, key)
                -- TODO: logic here to sandbox wrapped objects
                return wrap(realobj[key]) -- source of the method problem
            end;
            meta['__tostring'] = function()
                return realobj.Name or realobj;
            end;
            meta['__metatable'] = "locked";
            return fakeobj;
        else
            return obj;
        end;
    end;

    -- sandbox table (fake objects/functions)
    local sandbox = {
        game = wrap(game);
        Game = wrap(Game);
        workspace = wrap(workspace);
        Workspace = wrap(Workspace);
        script = wrap(script);
        Instance = {
            new = function(a, b)
                return wrap(Instance.new(a, b))
            end;
        };
    };

    -- sandboxed function
    function run()
        print(script.Parent:GetChildren())
        print(script.Parent)
        script.Parent:ClearAllChildren()
    end;

    -- setting the function environment
    setfenv(run, setmetatable(sandbox, {__index = _env;}));

    run();

How can I fix this?
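Added example, not part of the original post: `x:GetChildren()` is `x.GetChildren(x)`, so the real method receives the proxy as `self`; one way around that is for the wrapper to return a forwarding function that swaps proxies for real objects on the way in and wraps every result on the way out. The sketch runs on plain Lua 5.1 against a constructed stand-in for an Instance. `Inst`, `new`, `isInstance`, `realOf`, `fakeOf`, `unwrap` and `map` are assumed names, and in ROBLOX `isInstance` would be replaced by the post's own `pcall` check.

```lua
local realOf = setmetatable({}, {__mode = "k"}) -- proxy -> real object
local fakeOf = setmetatable({}, {__mode = "v"}) -- real object -> proxy
-- Constructed stand-in for an Instance: its methods reject a foreign self.
local Inst = {}
Inst.__index = Inst
local function new(name, parent)
    local o = setmetatable({Name = name, Parent = parent, kids = {}}, Inst)
    if parent then table.insert(parent.kids, o) end
    return o
end
function Inst:GetChildren()
    assert(getmetatable(self) == Inst, "Expected ':' not '.' calling member function GetChildren")
    return {unpack(self.kids)}
end
local function isInstance(v) return type(v) == "table" and getmetatable(v) == Inst end
local function unwrap(v) return realOf[v] or v end
local function map(f, ...) -- apply f to every vararg, nils included
    local n, t = select("#", ...), {...}
    for i = 1, n do t[i] = f(t[i]) end
    return unpack(t, 1, n)
end

local function wrap(v)
    if type(v) == "function" then
        -- Proxies (self included) become real objects going in; results are re-wrapped.
        return function(...) return map(wrap, v(map(unwrap, ...))) end
    elseif isInstance(v) then
        local proxy = fakeOf[v] -- one proxy per object, so == still works
        if not proxy then
            proxy = newproxy(true)
            local meta = getmetatable(proxy)
            meta.__index = function(_, key) return wrap(v[key]) end
            meta.__tostring = function() return tostring(v.Name) end
            meta.__metatable = "locked"
            realOf[proxy], fakeOf[v] = v, proxy
        end
        return proxy
    elseif type(v) == "table" then -- e.g. the array GetChildren returns
        local t = {}
        for k, x in pairs(v) do t[k] = wrap(x) end
        return t
    end
    return v
end
local root = new("root")
local child = new("child", root)
local fake = wrap(root)
local kids = fake:GetChildren() -- no "Expected ':'" error through the proxy
print(kids[1], realOf[kids[1]] == child, kids[1].Parent == fake)
```

Functions that sandboxed code hands to a real API as callbacks pass through `unwrap` unchanged, so the real API will call them with unwrapped objects unless those callbacks are wrapped as well.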