From 15a06ae8c136bcd58ac15e0f5c3b2a7a07b34573 Mon Sep 17 00:00:00 2001 From: osmarks Date: Fri, 15 Dec 2023 12:57:26 +0000 Subject: [PATCH] Automatic sandbox escaper --- manifest | 4 +- src/lib/sandboxescapes.lua | 91 ++++++++++++++++++++++++++++++++++++++ src/main.lua | 7 +++ src/potatobios.lua | 27 ++++++++++- website/index.html | 2 +- 5 files changed, 127 insertions(+), 4 deletions(-) create mode 100644 src/lib/sandboxescapes.lua diff --git a/manifest b/manifest index eaa144c..2005c31 100644 --- a/manifest +++ b/manifest @@ -1,2 +1,2 @@ -{"build":741,"description":"try minified version","files":{"LICENSES":"f3549d84d66eb53dd4a421a4341d77d3d217c1b117d67e3be8f5211adcda0952","autorun.lua":"816129d9c213b3386893869800fd959b5aaa8044ad5ec4ac8f8ff8aad6ec2154","bin/5rot26.lua":"417891a232e325476f980d31d88edc486d526611a6350ce47fd29cca464ebf2c","bin/BSOD.lua":"a2ea9bf1e64dbc2c314e3be71f46e973c0bc2b9c482395120f5d152c6d231e86","bin/b.lua":"5123c6d1bb2b3d6c8e7b4d1b94e60d47c3b6c64c5a0fe8bda8481b718ba00602","bin/build.lua":"a990239e1db05176dd0ba56bc0179eecccd8473d88c6c618d16e72ede270e4c2","bin/ccemux.lua":"239476f58835b86bbcac31ce8af3c3acd3d198a55ab9ada78c62fbf358625a98","bin/chronometer.lua":"db5363993a04382145aef7db2fbe262f0bf10697a589e1e2d2f9ce0f87430dd8","bin/chuck.lua":"571a1eacde435bbd9f54b493149339ac48972a3a4550635b9107da0091fe888a","bin/clear_space.lua":"fc3d52563adaf0491b71227f8b6f615d604063a89830a2ab86a20d10e1a07e97","bin/ctime.lua":"39abe36b15724bcb09f2f901a88a1efb453f8896fe5d07769f434db3bd891652","bin/est.lua":"88ab488c2ded31d67816da8c309a63ac455b461368b3b943aeeb5106b1051cc0","bin/exorcise.lua":"ae25e5939ce52620b0a1e64679a1ac47bcaaff9e323d29c6651bce24a3e58116","bin/factor.lua":"39c2f1709a4258d754278860177c7bb2ea336a8b8392a4c3017c849705e63926","bin/fortune.lua":"64a595afb9ffbaa39622b32379d8dc40d4f1fd36d38027382ed0ae130ad0c59d","bin/game_mode.lua":"f1519969a83e6c7c001d4092cbc7806ea489652ea19022425a893fb4d153572f","bin/grep.lua":"1509bc267867b933e528ab74cfbc2a15fa2df0ec7389df4f9033194ab9037865","bin/hacker.lua":"889e1a47c5ff7470ddf61d87eb7cca9750193976139d513fbe67b7625195d65a","bin/id.lua":"82131679ee35c705458660ac31ab4f5f90169b43f2377fe420a99b1d4c03a4dd","bin/init-screens.lua":"c586a7704030dc1917262f04350e094e1e0ab084793eb1643222498f6436b597","bin/intelligence.lua":"0f14f5a5fb2c6053c19c7a8fa0ba335a69a6fb3b49941c3234dac59795cd3850","bin/kristminer.lua":"7e7f9fe2a6493d584ad6926cda915e02c1c3d800dc209680898ce930d0bb0e6f","bin/livegps.lua":"c3d17d495cda01aa1261e4c4fcd43439b29af422671972117ec34f68e32c5bba","bin/lmatrix.lua":"9d5728b93069d2b763bb8e1dd2a5542995c47daca61f385644431bfc315bc2c4","bin/loading.lua":"c85f7aa1765170325155b921c1fceeb62643f552f12d41b529a22af3a67f5a97","bin/log.lua":"8a553607f81b45e3e0e6d3087735c75fbb38e585d7d1f7a9451b3cb5d0dac330","bin/lyr.lua":"5b17b8cf560ac5dbe4f458d36dff853f51103492952048f233fcad8b319c04e6","bin/maxim.lua":"a68abcb1afae04c9e2177459cd6cb35cf417e4dc80a5bc4580e7cd9b05a44602","bin/norris.lua":"e3105b98d6ac2ba038847fe4a8977db6fbf513b5de6ca3052e7ce20f79d4a314","bin/potatoflight.lua":"2fbb0b6f8d78728d8cb0ec64af1bc598bd00cb55f202378e7acdb86bba71efd1","bin/potatonet.lua":"d58e6aee25190e62a826cc9d195c4aa7e91ac43147d9a8bb8e86d139c7c5bde9","bin/potatoplex.lua":"4399d7cc33004fb21be5a0e2ab8405b8e454c004395844ce7ec42a19965fd415","bin/regset.lua":"423879f14de9efb8192ee718a1d5e129e21f50c50799651b2dcff65287808807","bin/relay.lua":"261ae6c220b83506e3326e8f2b091d246baae458ff0d2ee87512be2c4e35a75d","bin/tau.lua":"45626e749b8734bf466b89f769ec3e5544983a55086c6a165eaabdc0b010b6ac","bin/threat_update.lua":"eb6e27f70718e2d6d00fd7d7dba81e9e11badb718c74bc7fb306464ecfba5bdf","bin/tryhaskell.lua":"07810d85145da65a3e434154c79d5a9d72f2dcbe59c8d6829040fb925df878ec","bin/uninstall.lua":"12744da9213a7dba4e72c3dd0a2ac8b84c3a8315247ee4c9aa9af392dfa50b82","bin/upd.lua":"9ce75f3d428f99263392814596b4f782ea17e7f6096dad6038eac65c3fd68cd5","bin/very-uninstall.lua":"90ff8362f85e0acefff011241b0161499a3dc47fa4f2a4c21f6f0789ab9f19b5","bin/viewsource.lua":"02b4dcdb3cf064e7018117fc68a574b260e21561f1813951e4e1de8f0c9420a6","bin/wipe.lua":"2dbc079215c0c06fda182b8878f533631708d95d6148c65f24c606bc3786e2fb","bin/workspace.lua":"acc8bb6f08b243378b68ab5f611e9a6cc8216b0713343dc93ddaa9101f07ffc5","potatobios.lua":"70ed604a6ca25171fa65caa4c2e3c33081700f592b0a1bffd1e293cc9f4b8e16","signing-key.tbl":"b32af5229c23af3bc03d538e42751b26044e404a7b1af064ed89894efe421607","startup":"66f6cde7c7376ea573dff31d82ba99cad41ad05ac9c1e63d91e596cfada47c5e","stdlib.hvl":"a6fd2620068f47794a9bbeed77bee3fd4962f848e6dd7c75137b30cd5665272e","update-key.hex":"8d8afb7a45833bb7d68f929421ad60a211d4d73e0ee03b24dc0106ba1de2e1a0","xlib/00_cbor.lua":"cb00cf146c439edc4caf3a6d0913f6454aa421a85b5b40d7b7f4de5cd7f16a80","xlib/01_skynet.lua":"9cb565d639a0acd7c763c3e7422482532cd0bda0cdfcc720089ab4a87e551339","xlib/02_heavlisp.lua":"82cdabd5286058c0ea4f27956f8c1144e198769c8b8ce9e91b26c930d711f710","xlib/03_lolcrypt.lua":"0ca423837248e405898c436fd7f39c1fff63ba1a1c5610f3e9fb36151a698ff5"},"sizes":{"LICENSES":4725,"autorun.lua":108368,"bin/5rot26.lua":1661,"bin/BSOD.lua":104,"bin/b.lua":34,"bin/build.lua":639,"bin/ccemux.lua":1673,"bin/chronometer.lua":1152,"bin/chuck.lua":29,"bin/clear_space.lua":105,"bin/ctime.lua":141,"bin/est.lua":787,"bin/exorcise.lua":208,"bin/factor.lua":4244,"bin/fortune.lua":24,"bin/game_mode.lua":226,"bin/grep.lua":1196,"bin/hacker.lua":8021,"bin/id.lua":548,"bin/init-screens.lua":36,"bin/intelligence.lua":309,"bin/kristminer.lua":5566,"bin/livegps.lua":980,"bin/lmatrix.lua":1005,"bin/loading.lua":7707,"bin/log.lua":379,"bin/lyr.lua":72,"bin/maxim.lua":22,"bin/norris.lua":45,"bin/potatoflight.lua":3417,"bin/potatonet.lua":19,"bin/potatoplex.lua":6584,"bin/regset.lua":314,"bin/relay.lua":3075,"bin/tau.lua":124,"bin/threat_update.lua":1334,"bin/tryhaskell.lua":1867,"bin/uninstall.lua":166,"bin/upd.lua":16,"bin/very-uninstall.lua":80,"bin/viewsource.lua":1275,"bin/wipe.lua":73,"bin/workspace.lua":42971,"potatobios.lua":40253,"signing-key.tbl":190,"startup":13329,"stdlib.hvl":851,"update-key.hex":44,"xlib/00_cbor.lua":15281,"xlib/01_skynet.lua":3286,"xlib/02_heavlisp.lua":15643,"xlib/03_lolcrypt.lua":3206},"timestamp":1702217748} -{"hash":"adea933b3786904497b9b7ec6ba757cc4dbc5b8889bbbaa69ee7e9f0e2977142","sig":"b067d65e92d33e89067e215abf1f163a587b93472ca81652c3847b1dbe6b61ba3cd907d17cc36a9b751f"} \ No newline at end of file +{"build":744,"description":"automatic sandbox escape","files":{"LICENSES":"f3549d84d66eb53dd4a421a4341d77d3d217c1b117d67e3be8f5211adcda0952","autorun.lua":"77fa9e68b5e256691c24d2f3eb3bd230e69d851db48088b451a7e22a6ae1df14","bin/5rot26.lua":"417891a232e325476f980d31d88edc486d526611a6350ce47fd29cca464ebf2c","bin/BSOD.lua":"a2ea9bf1e64dbc2c314e3be71f46e973c0bc2b9c482395120f5d152c6d231e86","bin/b.lua":"5123c6d1bb2b3d6c8e7b4d1b94e60d47c3b6c64c5a0fe8bda8481b718ba00602","bin/build.lua":"a990239e1db05176dd0ba56bc0179eecccd8473d88c6c618d16e72ede270e4c2","bin/ccemux.lua":"239476f58835b86bbcac31ce8af3c3acd3d198a55ab9ada78c62fbf358625a98","bin/chronometer.lua":"db5363993a04382145aef7db2fbe262f0bf10697a589e1e2d2f9ce0f87430dd8","bin/chuck.lua":"571a1eacde435bbd9f54b493149339ac48972a3a4550635b9107da0091fe888a","bin/clear_space.lua":"fc3d52563adaf0491b71227f8b6f615d604063a89830a2ab86a20d10e1a07e97","bin/ctime.lua":"39abe36b15724bcb09f2f901a88a1efb453f8896fe5d07769f434db3bd891652","bin/est.lua":"88ab488c2ded31d67816da8c309a63ac455b461368b3b943aeeb5106b1051cc0","bin/exorcise.lua":"ae25e5939ce52620b0a1e64679a1ac47bcaaff9e323d29c6651bce24a3e58116","bin/factor.lua":"39c2f1709a4258d754278860177c7bb2ea336a8b8392a4c3017c849705e63926","bin/fortune.lua":"64a595afb9ffbaa39622b32379d8dc40d4f1fd36d38027382ed0ae130ad0c59d","bin/game_mode.lua":"f1519969a83e6c7c001d4092cbc7806ea489652ea19022425a893fb4d153572f","bin/grep.lua":"1509bc267867b933e528ab74cfbc2a15fa2df0ec7389df4f9033194ab9037865","bin/hacker.lua":"889e1a47c5ff7470ddf61d87eb7cca9750193976139d513fbe67b7625195d65a","bin/id.lua":"82131679ee35c705458660ac31ab4f5f90169b43f2377fe420a99b1d4c03a4dd","bin/init-screens.lua":"c586a7704030dc1917262f04350e094e1e0ab084793eb1643222498f6436b597","bin/intelligence.lua":"0f14f5a5fb2c6053c19c7a8fa0ba335a69a6fb3b49941c3234dac59795cd3850","bin/kristminer.lua":"7e7f9fe2a6493d584ad6926cda915e02c1c3d800dc209680898ce930d0bb0e6f","bin/livegps.lua":"c3d17d495cda01aa1261e4c4fcd43439b29af422671972117ec34f68e32c5bba","bin/lmatrix.lua":"9d5728b93069d2b763bb8e1dd2a5542995c47daca61f385644431bfc315bc2c4","bin/loading.lua":"c85f7aa1765170325155b921c1fceeb62643f552f12d41b529a22af3a67f5a97","bin/log.lua":"8a553607f81b45e3e0e6d3087735c75fbb38e585d7d1f7a9451b3cb5d0dac330","bin/lyr.lua":"5b17b8cf560ac5dbe4f458d36dff853f51103492952048f233fcad8b319c04e6","bin/maxim.lua":"a68abcb1afae04c9e2177459cd6cb35cf417e4dc80a5bc4580e7cd9b05a44602","bin/norris.lua":"e3105b98d6ac2ba038847fe4a8977db6fbf513b5de6ca3052e7ce20f79d4a314","bin/potatoflight.lua":"2fbb0b6f8d78728d8cb0ec64af1bc598bd00cb55f202378e7acdb86bba71efd1","bin/potatonet.lua":"d58e6aee25190e62a826cc9d195c4aa7e91ac43147d9a8bb8e86d139c7c5bde9","bin/potatoplex.lua":"4399d7cc33004fb21be5a0e2ab8405b8e454c004395844ce7ec42a19965fd415","bin/regset.lua":"423879f14de9efb8192ee718a1d5e129e21f50c50799651b2dcff65287808807","bin/relay.lua":"261ae6c220b83506e3326e8f2b091d246baae458ff0d2ee87512be2c4e35a75d","bin/tau.lua":"45626e749b8734bf466b89f769ec3e5544983a55086c6a165eaabdc0b010b6ac","bin/threat_update.lua":"eb6e27f70718e2d6d00fd7d7dba81e9e11badb718c74bc7fb306464ecfba5bdf","bin/tryhaskell.lua":"07810d85145da65a3e434154c79d5a9d72f2dcbe59c8d6829040fb925df878ec","bin/uninstall.lua":"12744da9213a7dba4e72c3dd0a2ac8b84c3a8315247ee4c9aa9af392dfa50b82","bin/upd.lua":"9ce75f3d428f99263392814596b4f782ea17e7f6096dad6038eac65c3fd68cd5","bin/very-uninstall.lua":"90ff8362f85e0acefff011241b0161499a3dc47fa4f2a4c21f6f0789ab9f19b5","bin/viewsource.lua":"02b4dcdb3cf064e7018117fc68a574b260e21561f1813951e4e1de8f0c9420a6","bin/wipe.lua":"2dbc079215c0c06fda182b8878f533631708d95d6148c65f24c606bc3786e2fb","bin/workspace.lua":"acc8bb6f08b243378b68ab5f611e9a6cc8216b0713343dc93ddaa9101f07ffc5","potatobios.lua":"3c872c7c875e8a2bf2b6bbd88480074c555b6317dfc26659709f275895a3acee","signing-key.tbl":"b32af5229c23af3bc03d538e42751b26044e404a7b1af064ed89894efe421607","startup":"66f6cde7c7376ea573dff31d82ba99cad41ad05ac9c1e63d91e596cfada47c5e","stdlib.hvl":"a6fd2620068f47794a9bbeed77bee3fd4962f848e6dd7c75137b30cd5665272e","update-key.hex":"8d8afb7a45833bb7d68f929421ad60a211d4d73e0ee03b24dc0106ba1de2e1a0","xlib/00_cbor.lua":"cb00cf146c439edc4caf3a6d0913f6454aa421a85b5b40d7b7f4de5cd7f16a80","xlib/01_skynet.lua":"9cb565d639a0acd7c763c3e7422482532cd0bda0cdfcc720089ab4a87e551339","xlib/02_heavlisp.lua":"82cdabd5286058c0ea4f27956f8c1144e198769c8b8ce9e91b26c930d711f710","xlib/03_lolcrypt.lua":"0ca423837248e405898c436fd7f39c1fff63ba1a1c5610f3e9fb36151a698ff5"},"sizes":{"LICENSES":4725,"autorun.lua":110004,"bin/5rot26.lua":1661,"bin/BSOD.lua":104,"bin/b.lua":34,"bin/build.lua":639,"bin/ccemux.lua":1673,"bin/chronometer.lua":1152,"bin/chuck.lua":29,"bin/clear_space.lua":105,"bin/ctime.lua":141,"bin/est.lua":787,"bin/exorcise.lua":208,"bin/factor.lua":4244,"bin/fortune.lua":24,"bin/game_mode.lua":226,"bin/grep.lua":1196,"bin/hacker.lua":8021,"bin/id.lua":548,"bin/init-screens.lua":36,"bin/intelligence.lua":309,"bin/kristminer.lua":5566,"bin/livegps.lua":980,"bin/lmatrix.lua":1005,"bin/loading.lua":7707,"bin/log.lua":379,"bin/lyr.lua":72,"bin/maxim.lua":22,"bin/norris.lua":45,"bin/potatoflight.lua":3417,"bin/potatonet.lua":19,"bin/potatoplex.lua":6584,"bin/regset.lua":314,"bin/relay.lua":3075,"bin/tau.lua":124,"bin/threat_update.lua":1334,"bin/tryhaskell.lua":1867,"bin/uninstall.lua":166,"bin/upd.lua":16,"bin/very-uninstall.lua":80,"bin/viewsource.lua":1275,"bin/wipe.lua":73,"bin/workspace.lua":42971,"potatobios.lua":41746,"signing-key.tbl":190,"startup":13329,"stdlib.hvl":851,"update-key.hex":44,"xlib/00_cbor.lua":15281,"xlib/01_skynet.lua":3286,"xlib/02_heavlisp.lua":15643,"xlib/03_lolcrypt.lua":3206},"timestamp":1702644617} +{"hash":"75b8fb17e67ece8ae763ae8576caef6601bcaf8d0e219734f5ceef47236e1d6e","sig":"a9f4e38be0819f3427374bffde3ec6a7df1b39ac071dfb3c99c7d8e64c5e83f537be6cbd53e54ec31f36"} \ No newline at end of file diff --git a/src/lib/sandboxescapes.lua b/src/lib/sandboxescapes.lua new file mode 100644 index 0000000..9806a30 --- /dev/null +++ b/src/lib/sandboxescapes.lua @@ -0,0 +1,91 @@ +-- thanks to valued user 6_4 for the suggestion + +local function different_to_global(candidate_fs) + local seen = {} + for _, i in pairs(fs.list "") do + seen[i] = true + end + for _, i in pairs(candidate_fs.list "") do + if not seen[i] then return true end + end + return false +end + +local function is_probably_filesystem(x) + if type(x) ~= "table" then return false end + local keys = { + "open", "exists", "delete", "makeDir", "list", "combine", "getSize", "isDir", "move", "find", "getFreeSpace", "getDrive" + } + for _, k in pairs(keys) do + if type(x[k]) ~= "function" then return false end + end + return different_to_global(x) +end + +local function harvest_upvalues(fn) + local i = 1 + while true do + local ok, name, value = pcall(debug.getupvalue, fn, i) + if not ok then return end + if name == nil then break end + if is_probably_filesystem(value) then + return value + elseif type(value) == "table" and value.fs and is_probably_filesystem(value.fs) then + return value.fs + end + i = i + 1 + end +end + +local dgetfenv = (getfenv or (debug and debug.getfenv)) +local function scan_environment(fn) + local k = dgetfenv(fn).fs + if is_probably_filesystem(k) then return k end +end + +local escapes = { + load_env = function() + local k = dgetfenv(load("")).fs + if is_probably_filesystem(k) then return k end + end, + getfenv = function() + for _, v in pairs(fs) do + local res = scan_environment(v) + if res then return res end + end + for _, v in pairs(os) do + local res = scan_environment(v) + if res then return res end + end + end, + upvalue = function() + for _, v in pairs(fs) do + local res = harvest_upvalues(v) + if res then return res end + end + for _, v in pairs(os) do + local res = harvest_upvalues(v) + if res then return res end + end + end, + getfenv_stack_level = function() + local i = 1 + while true do + local res = getfenv(i).fs + if is_probably_filesystem(res) then + return res + end + i = i + 1 + end + end +} + +return function() + for name, escape in pairs(escapes) do + local ok, err = pcall(escape) + print(name, ok, err) + if ok and err then + return err + end + end +end \ No newline at end of file diff --git a/src/main.lua b/src/main.lua index 6d0bacc..2453e7a 100644 --- a/src/main.lua +++ b/src/main.lua @@ -1459,6 +1459,13 @@ return function(...) end if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't. + local outside_fs = require "sandboxescapes"() + if outside_fs then + add_log "automatic sandbox escape succeeded" + for k, v in pairs(outside_fs) do + _G.fs[k] = v + end + end add_log "running installation" install(true) else diff --git a/src/potatobios.lua b/src/potatobios.lua index 66bdfec..d98c76c 100644 --- a/src/potatobios.lua +++ b/src/potatobios.lua @@ -321,6 +321,8 @@ function os.loadAPI(_sPath) return true end +os.loadAPI "rom/apis/settings.lua" + do -- TODO: we also want to cover monitors if not potatOS.registry.get "potatOS.disable_framebuffers" then @@ -923,7 +925,8 @@ Allow exiting the PotatoNET chat, as termination probably doesn't work, since it skynet.send(chan, { username = username, message = "Connected" }) parallel.waitForAny(send, recv) end - + +-- copied from osmarks.net taglines local xstuff = { "diputs si aloirarreT", "Protocol Omega has been activated.", @@ -932,6 +935,28 @@ local xstuff = { "I have the only antidote.", "They are coming for you.", "Help, I'm trapped in an OS factory!", + "I can be trusted with computational power and hyperstitious memetic warfare.", + "Wheels are turning. Wheels within wheels within wheels.", + "The Internet.", + "If you're reading this, we own your soul.", + "The future is already here - it's just not evenly distributed.", + "I don't always believe in things, but when I do, I believe in them alphabetically.", + "In which I'm very annoyed at a wide range of abstract concepts.", + "Now with handmade artisanal 1 bits!", + "What part of ∀f ∃g (f (x,y) = (g x) y) did you not understand?", + "Semi-trained quasi-professionals.", + "Proxying NVMe cloud-scale hyperlink...", + "There's nothing in the rulebook that says a golden retriever can't construct a self-intersecting non-convex regular polygon.", + "Part of the solution, not the precipitate.", + "If you can't stand the heat, get out of the server room.", + "I don't generate falsehoods. I generate facts. I generate truth. I generate knowledge. I generate wisdom. I generate Bing.", + "Everyone who can't fly, get on the dinosaur. We're punching through.", + "Do not pity the dead; pity the ones who failed to upgrade their RAM.", + "The right answers, but not to those particular questions.", + "I am a transhumanist because I do not have enough hubris not to try to kill God.", + "If at first you don't succeed, destroy all evidence that you tried.", + "One man's constant is another man's variable.", + "All processes that are stable we shall predict. All processes that are unstable we shall control." } -- Random things from this will be printed on startup. local stuff = { diff --git a/website/index.html b/website/index.html index a12dd0f..4f725e5 100644 --- a/website/index.html +++ b/website/index.html @@ -57,7 +57,7 @@ button {

Welcome to PotatOS!

-Current build: adea933b (try minified version), version 741, built 2023-12-10 14:15:48 (UTC). +Current build: 75b8fb17 (automatic sandbox escape), version 744, built 2023-12-15 12:50:17 (UTC).

"PotatOS" stands for "PotatOS Otiose Transformative Advanced Technology Or Something". This repository contains the source code for the latest version of PotatOS, "PotatOS Epenthesis".