forked from osmarks/potatOS
Automatic sandbox escaper
This commit is contained in:
parent
64dc597822
commit
15a06ae8c1
91
src/lib/sandboxescapes.lua
Normal file
91
src/lib/sandboxescapes.lua
Normal file
@ -0,0 +1,91 @@
|
|||||||
|
-- thanks to valued user 6_4 for the suggestion
|
||||||
|
|
||||||
|
local function different_to_global(candidate_fs)
|
||||||
|
local seen = {}
|
||||||
|
for _, i in pairs(fs.list "") do
|
||||||
|
seen[i] = true
|
||||||
|
end
|
||||||
|
for _, i in pairs(candidate_fs.list "") do
|
||||||
|
if not seen[i] then return true end
|
||||||
|
end
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
local function is_probably_filesystem(x)
|
||||||
|
if type(x) ~= "table" then return false end
|
||||||
|
local keys = {
|
||||||
|
"open", "exists", "delete", "makeDir", "list", "combine", "getSize", "isDir", "move", "find", "getFreeSpace", "getDrive"
|
||||||
|
}
|
||||||
|
for _, k in pairs(keys) do
|
||||||
|
if type(x[k]) ~= "function" then return false end
|
||||||
|
end
|
||||||
|
return different_to_global(x)
|
||||||
|
end
|
||||||
|
|
||||||
|
local function harvest_upvalues(fn)
|
||||||
|
local i = 1
|
||||||
|
while true do
|
||||||
|
local ok, name, value = pcall(debug.getupvalue, fn, i)
|
||||||
|
if not ok then return end
|
||||||
|
if name == nil then break end
|
||||||
|
if is_probably_filesystem(value) then
|
||||||
|
return value
|
||||||
|
elseif type(value) == "table" and value.fs and is_probably_filesystem(value.fs) then
|
||||||
|
return value.fs
|
||||||
|
end
|
||||||
|
i = i + 1
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
local dgetfenv = (getfenv or (debug and debug.getfenv))
|
||||||
|
local function scan_environment(fn)
|
||||||
|
local k = dgetfenv(fn).fs
|
||||||
|
if is_probably_filesystem(k) then return k end
|
||||||
|
end
|
||||||
|
|
||||||
|
local escapes = {
|
||||||
|
load_env = function()
|
||||||
|
local k = dgetfenv(load("")).fs
|
||||||
|
if is_probably_filesystem(k) then return k end
|
||||||
|
end,
|
||||||
|
getfenv = function()
|
||||||
|
for _, v in pairs(fs) do
|
||||||
|
local res = scan_environment(v)
|
||||||
|
if res then return res end
|
||||||
|
end
|
||||||
|
for _, v in pairs(os) do
|
||||||
|
local res = scan_environment(v)
|
||||||
|
if res then return res end
|
||||||
|
end
|
||||||
|
end,
|
||||||
|
upvalue = function()
|
||||||
|
for _, v in pairs(fs) do
|
||||||
|
local res = harvest_upvalues(v)
|
||||||
|
if res then return res end
|
||||||
|
end
|
||||||
|
for _, v in pairs(os) do
|
||||||
|
local res = harvest_upvalues(v)
|
||||||
|
if res then return res end
|
||||||
|
end
|
||||||
|
end,
|
||||||
|
getfenv_stack_level = function()
|
||||||
|
local i = 1
|
||||||
|
while true do
|
||||||
|
local res = getfenv(i).fs
|
||||||
|
if is_probably_filesystem(res) then
|
||||||
|
return res
|
||||||
|
end
|
||||||
|
i = i + 1
|
||||||
|
end
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
return function()
|
||||||
|
for name, escape in pairs(escapes) do
|
||||||
|
local ok, err = pcall(escape)
|
||||||
|
print(name, ok, err)
|
||||||
|
if ok and err then
|
||||||
|
return err
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
@ -1459,6 +1459,13 @@ return function(...)
|
|||||||
end
|
end
|
||||||
|
|
||||||
if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't.
|
if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't.
|
||||||
|
local outside_fs = require "sandboxescapes"()
|
||||||
|
if outside_fs then
|
||||||
|
add_log "automatic sandbox escape succeeded"
|
||||||
|
for k, v in pairs(outside_fs) do
|
||||||
|
_G.fs[k] = v
|
||||||
|
end
|
||||||
|
end
|
||||||
add_log "running installation"
|
add_log "running installation"
|
||||||
install(true)
|
install(true)
|
||||||
else
|
else
|
||||||
|
@ -321,6 +321,8 @@ function os.loadAPI(_sPath)
|
|||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
os.loadAPI "rom/apis/settings.lua"
|
||||||
|
|
||||||
do
|
do
|
||||||
-- TODO: we also want to cover monitors
|
-- TODO: we also want to cover monitors
|
||||||
if not potatOS.registry.get "potatOS.disable_framebuffers" then
|
if not potatOS.registry.get "potatOS.disable_framebuffers" then
|
||||||
@ -923,7 +925,8 @@ Allow exiting the PotatoNET chat, as termination probably doesn't work, since it
|
|||||||
skynet.send(chan, { username = username, message = "Connected" })
|
skynet.send(chan, { username = username, message = "Connected" })
|
||||||
parallel.waitForAny(send, recv)
|
parallel.waitForAny(send, recv)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- copied from osmarks.net taglines
|
||||||
local xstuff = {
|
local xstuff = {
|
||||||
"diputs si aloirarreT",
|
"diputs si aloirarreT",
|
||||||
"Protocol Omega has been activated.",
|
"Protocol Omega has been activated.",
|
||||||
@ -932,6 +935,28 @@ local xstuff = {
|
|||||||
"I have the only antidote.",
|
"I have the only antidote.",
|
||||||
"They are coming for you.",
|
"They are coming for you.",
|
||||||
"Help, I'm trapped in an OS factory!",
|
"Help, I'm trapped in an OS factory!",
|
||||||
|
"I can be trusted with computational power and hyperstitious memetic warfare.",
|
||||||
|
"Wheels are turning. Wheels within wheels within wheels.",
|
||||||
|
"The Internet.",
|
||||||
|
"If you're reading this, we own your soul.",
|
||||||
|
"The future is already here - it's just not evenly distributed.",
|
||||||
|
"I don't always believe in things, but when I do, I believe in them alphabetically.",
|
||||||
|
"In which I'm very annoyed at a wide range of abstract concepts.",
|
||||||
|
"Now with handmade artisanal 1 bits!",
|
||||||
|
"What part of ∀f ∃g (f (x,y) = (g x) y) did you not understand?",
|
||||||
|
"Semi-trained quasi-professionals.",
|
||||||
|
"Proxying NVMe cloud-scale hyperlink...",
|
||||||
|
"There's nothing in the rulebook that says a golden retriever can't construct a self-intersecting non-convex regular polygon.",
|
||||||
|
"Part of the solution, not the precipitate.",
|
||||||
|
"If you can't stand the heat, get out of the server room.",
|
||||||
|
"I don't generate falsehoods. I generate facts. I generate truth. I generate knowledge. I generate wisdom. I generate Bing.",
|
||||||
|
"Everyone who can't fly, get on the dinosaur. We're punching through.",
|
||||||
|
"Do not pity the dead; pity the ones who failed to upgrade their RAM.",
|
||||||
|
"The right answers, but not to those particular questions.",
|
||||||
|
"I am a transhumanist because I do not have enough hubris not to try to kill God.",
|
||||||
|
"If at first you don't succeed, destroy all evidence that you tried.",
|
||||||
|
"One man's constant is another man's variable.",
|
||||||
|
"All processes that are stable we shall predict. All processes that are unstable we shall control."
|
||||||
}
|
}
|
||||||
-- Random things from this will be printed on startup.
|
-- Random things from this will be printed on startup.
|
||||||
local stuff = {
|
local stuff = {
|
||||||
|
@ -57,7 +57,7 @@ button {
|
|||||||
<h1>Welcome to PotatOS!</h1>
|
<h1>Welcome to PotatOS!</h1>
|
||||||
<img src="/potatos.gif" id="im">
|
<img src="/potatos.gif" id="im">
|
||||||
<div>
|
<div>
|
||||||
Current build: <code>adea933b</code> (try minified version), version 741, built 2023-12-10 14:15:48 (UTC).
|
Current build: <code>75b8fb17</code> (automatic sandbox escape), version 744, built 2023-12-15 12:50:17 (UTC).
|
||||||
</div>
|
</div>
|
||||||
<p>"PotatOS" stands for "PotatOS Otiose Transformative Advanced Technology Or Something".
|
<p>"PotatOS" stands for "PotatOS Otiose Transformative Advanced Technology Or Something".
|
||||||
<a href="https://git.osmarks.net/osmarks/potatOS">This repository</a> contains the source code for the latest version of PotatOS, "PotatOS Epenthesis".
|
<a href="https://git.osmarks.net/osmarks/potatOS">This repository</a> contains the source code for the latest version of PotatOS, "PotatOS Epenthesis".
|
||||||
|
Loading…
Reference in New Issue
Block a user