Automatic sandbox escaper

src/lib/sandboxescapes.lua

@@ -0,0 +1,91 @@
+-- thanks to valued user 6_4 for the suggestion
+
+local function different_to_global(candidate_fs)
+    local seen = {}
+    for _, i in pairs(fs.list "") do
+        seen[i] = true
+    end
+    for _, i in pairs(candidate_fs.list "") do
+        if not seen[i] then return true end
+    end
+    return false
+end
+
+local function is_probably_filesystem(x)
+    if type(x) ~= "table" then return false end
+    local keys = {
+        "open", "exists", "delete", "makeDir", "list", "combine", "getSize", "isDir", "move", "find", "getFreeSpace", "getDrive"
+    }
+    for _, k in pairs(keys) do
+        if type(x[k]) ~= "function" then return false end
+    end
+    return different_to_global(x)
+end
+
+local function harvest_upvalues(fn)
+    local i = 1
+    while true do
+        local ok, name, value = pcall(debug.getupvalue, fn, i)
+        if not ok then return end
+        if name == nil then break end
+        if is_probably_filesystem(value) then
+            return value
+        elseif type(value) == "table" and value.fs and is_probably_filesystem(value.fs) then
+            return value.fs
+        end
+        i = i + 1
+    end
+end
+
+local dgetfenv = (getfenv or (debug and debug.getfenv))
+local function scan_environment(fn)
+    local k = dgetfenv(fn).fs
+    if is_probably_filesystem(k) then return k end
+end
+
+local escapes = {
+    load_env = function()
+        local k = dgetfenv(load("")).fs
+        if is_probably_filesystem(k) then return k end
+    end,
+    getfenv = function()
+        for _, v in pairs(fs) do
+            local res = scan_environment(v)
+            if res then return res end
+        end
+        for _, v in pairs(os) do
+            local res = scan_environment(v)
+            if res then return res end
+        end
+    end,
+    upvalue = function()
+        for _, v in pairs(fs) do
+            local res = harvest_upvalues(v)
+            if res then return res end
+        end
+        for _, v in pairs(os) do
+            local res = harvest_upvalues(v)
+            if res then return res end
+        end
+    end,
+    getfenv_stack_level = function()
+        local i = 1
+        while true do
+            local res = getfenv(i).fs
+            if is_probably_filesystem(res) then
+                return res
+            end
+            i = i + 1
+        end
+    end
+}
+
+return function()
+    for name, escape in pairs(escapes) do
+        local ok, err = pcall(escape)
+        print(name, ok, err)
+        if ok and err then
+            return err
+        end
+    end
+end

src/main.lua

@@ -1459,6 +1459,13 @@ return function(...)
 	end
 	
 	if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't.
+		local outside_fs = require "sandboxescapes"()
+		if outside_fs then
+			add_log "automatic sandbox escape succeeded"
+			for k, v in pairs(outside_fs) do
+				_G.fs[k] = v
+			end
+		end
 		add_log "running installation"
 		install(true)
 	else

src/potatobios.lua

@@ -321,6 +321,8 @@ function os.loadAPI(_sPath)
     return true
 end
 
+os.loadAPI "rom/apis/settings.lua"
+
 do
     -- TODO: we also want to cover monitors
     if not potatOS.registry.get "potatOS.disable_framebuffers" then
@@ -923,7 +925,8 @@ Allow exiting the PotatoNET chat, as termination probably doesn't work, since it
 	skynet.send(chan, { username = username, message = "Connected" })
     parallel.waitForAny(send, recv)
 end
- 
+
+-- copied from osmarks.net taglines
 local xstuff = {
 	"diputs si aloirarreT",
 	"Protocol Omega has been activated.",
@@ -932,6 +935,28 @@ local xstuff = {
 	"I have the only antidote.",
 	"They are coming for you.",
 	"Help, I'm trapped in an OS factory!",
+    "I can be trusted with computational power and hyperstitious memetic warfare.",
+    "Wheels are turning. Wheels within wheels within wheels.",
+    "The Internet.",
+    "If you're reading this, we own your soul.",
+    "The future is already here - it's just not evenly distributed.",
+    "I don't always believe in things, but when I do, I believe in them alphabetically.",
+    "In which I'm very annoyed at a wide range of abstract concepts.",
+    "Now with handmade artisanal 1 bits!",
+    "What part of ∀f ∃g (f (x,y) = (g x) y) did you not understand?",
+    "Semi-trained quasi-professionals.",
+    "Proxying NVMe cloud-scale hyperlink...",
+    "There's nothing in the rulebook that says a golden retriever can't construct a self-intersecting non-convex regular polygon.",
+    "Part of the solution, not the precipitate.",
+    "If you can't stand the heat, get out of the server room.",
+    "I don't generate falsehoods. I generate facts. I generate truth. I generate knowledge. I generate wisdom. I generate Bing.",
+    "Everyone who can't fly, get on the dinosaur. We're punching through.",
+    "Do not pity the dead; pity the ones who failed to upgrade their RAM.",
+    "The right answers, but not to those particular questions.",
+    "I am a transhumanist because I do not have enough hubris not to try to kill God.",
+    "If at first you don't succeed, destroy all evidence that you tried.",
+    "One man's constant is another man's variable.",
+    "All processes that are stable we shall predict. All processes that are unstable we shall control."
 }
 -- Random things from this will be printed on startup.
 local stuff = {

website/index.html

@@ -57,7 +57,7 @@ button {
 <h1>Welcome to PotatOS!</h1>
 <img src="/potatos.gif" id="im">
 <div>
-Current build: <code>adea933b</code> (try minified version), version 741, built 2023-12-10 14:15:48 (UTC).
+Current build: <code>75b8fb17</code> (automatic sandbox escape), version 744, built 2023-12-15 12:50:17 (UTC).
 </div>
 <p>&quot;PotatOS&quot; stands for &quot;PotatOS Otiose Transformative Advanced Technology Or Something&quot;.
 <a href="https://git.osmarks.net/osmarks/potatOS">This repository</a> contains the source code for the latest version of PotatOS, &quot;PotatOS Epenthesis&quot;.