I am trying to understand a difference between LB2 and LB3 concerning metatable securi

Question about `luabridge::setHideMetatables` about luabridge3 HOT 9 CLOSED

rpatters1 commented on June 29, 2024

Question about `luabridge::setHideMetatables`

from luabridge3.

Comments (9)

Mellnik commented on June 29, 2024

It was broken all the time in vanilla LB. I discovered it (See PR 309 in LB2) and kunitoki patched it in LB3.

I can't give you a deep explanation but untrusted code should never be able to modify the metatable of a userdata type. Even if it is just for the sake of __gc.
Edit Source: LuaJIT/LuaJIT#601 (comment)

from luabridge3.

rpatters1 commented on June 29, 2024

Is there a way to provide read-only access to the metatable?

from luabridge3.

rpatters1 commented on June 29, 2024

FWIW: the code I'm looking at is forwarding calls to __index and __newindex. Nothing to do with __gc. Is there some safer way you could suggest to make this possible>

from luabridge3.

kunitoki commented on June 29, 2024

We could try just preventing __newindex in class metatables, but i don't know about any possible side effects or in general other implications we could introduce, i might need to test this a bit more.

from luabridge3.

rpatters1 commented on June 29, 2024

I'm wondering if the LuaBridge library should do anything (beyond making hide mts optional as it does now.) If I can provide forwarding functions, that might be all that's needed.

from luabridge3.

rpatters1 commented on June 29, 2024

On thing that occurs to me is that it might be nice if this setting were available on a per-Lua state basis instead of global. In my environment I could imagine it being something that the user (or configuration) authorizes.

from luabridge3.

kunitoki commented on June 29, 2024

I'm allowing this per class instead

from luabridge3.

kunitoki commented on June 29, 2024

I've moved this to a per class / namespace, see the upcoming PR for extensible classes (i've added there options for classes and namespaces)

LuaBridge3/Tests/Source/ClassTests.cpp

Lines 2968 to 2993 in 49ddf4f

 TEST_F(ClassTests, MetatableSecurityNotHidden) 

 { 

 { 

 luabridge::getGlobalNamespace(L) 

 .beginNamespace("test", luabridge::visibleMetatables) 

 .endNamespace(); 

 runLua("local t = test; result = getmetatable(t)"); 

 const auto res = result(); 

 ASSERT_TRUE(res.isTable()); 

 } 

 { 

 luabridge::getGlobalNamespace(L) 

 .beginClass<ExampleStringifiableClass>("ExampleStringifiableClass", luabridge::visibleMetatables) 

 .addConstructor<void(*) ()>() 

 .addFunction("__tostring", &ExampleStringifiableClass::tostring) 

 .endClass(); 

 runLua("local t = ExampleStringifiableClass(); result = getmetatable(t)"); 

 const auto res = result(); 

 ASSERT_TRUE(res.isTable()); 

 } 

 }

from luabridge3.

rpatters1 commented on June 29, 2024

This is amazing. Thank you so much. I'm working on a scheme to identify trusted code and only permit this for trusted code. This will be really useful.

from luabridge3.

Question about `luabridge::setHideMetatables` about luabridge3 HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

	TEST_F(ClassTests, MetatableSecurityNotHidden)
	{
	{
	luabridge::getGlobalNamespace(L)
	.beginNamespace("test", luabridge::visibleMetatables)
	.endNamespace();

	runLua("local t = test; result = getmetatable(t)");

	const auto res = result();
	ASSERT_TRUE(res.isTable());
	}

	{
	luabridge::getGlobalNamespace(L)
	.beginClass<ExampleStringifiableClass>("ExampleStringifiableClass", luabridge::visibleMetatables)
	.addConstructor<void(*) ()>()
	.addFunction("__tostring", &ExampleStringifiableClass::tostring)
	.endClass();

	runLua("local t = ExampleStringifiableClass(); result = getmetatable(t)");

	const auto res = result();
	ASSERT_TRUE(res.isTable());
	}
	}