Automatic sandbox escaper

This commit is contained in:
osmarks 2023-12-15 12:57:26 +00:00
parent 64dc597822
commit 15a06ae8c1
5 changed files with 127 additions and 4 deletions

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,91 @@
-- thanks to valued user 6_4 for the suggestion
local function different_to_global(candidate_fs)
local seen = {}
for _, i in pairs(fs.list "") do
seen[i] = true
end
for _, i in pairs(candidate_fs.list "") do
if not seen[i] then return true end
end
return false
end
local function is_probably_filesystem(x)
if type(x) ~= "table" then return false end
local keys = {
"open", "exists", "delete", "makeDir", "list", "combine", "getSize", "isDir", "move", "find", "getFreeSpace", "getDrive"
}
for _, k in pairs(keys) do
if type(x[k]) ~= "function" then return false end
end
return different_to_global(x)
end
local function harvest_upvalues(fn)
local i = 1
while true do
local ok, name, value = pcall(debug.getupvalue, fn, i)
if not ok then return end
if name == nil then break end
if is_probably_filesystem(value) then
return value
elseif type(value) == "table" and value.fs and is_probably_filesystem(value.fs) then
return value.fs
end
i = i + 1
end
end
local dgetfenv = (getfenv or (debug and debug.getfenv))
local function scan_environment(fn)
local k = dgetfenv(fn).fs
if is_probably_filesystem(k) then return k end
end
local escapes = {
load_env = function()
local k = dgetfenv(load("")).fs
if is_probably_filesystem(k) then return k end
end,
getfenv = function()
for _, v in pairs(fs) do
local res = scan_environment(v)
if res then return res end
end
for _, v in pairs(os) do
local res = scan_environment(v)
if res then return res end
end
end,
upvalue = function()
for _, v in pairs(fs) do
local res = harvest_upvalues(v)
if res then return res end
end
for _, v in pairs(os) do
local res = harvest_upvalues(v)
if res then return res end
end
end,
getfenv_stack_level = function()
local i = 1
while true do
local res = getfenv(i).fs
if is_probably_filesystem(res) then
return res
end
i = i + 1
end
end
}
return function()
for name, escape in pairs(escapes) do
local ok, err = pcall(escape)
print(name, ok, err)
if ok and err then
return err
end
end
end

View File

@ -1459,6 +1459,13 @@ return function(...)
end end
if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't. if not process or not fs.exists "potatobios.lua" or not fs.exists "autorun.lua" then -- Polychoron not installed, so PotatOS isn't.
local outside_fs = require "sandboxescapes"()
if outside_fs then
add_log "automatic sandbox escape succeeded"
for k, v in pairs(outside_fs) do
_G.fs[k] = v
end
end
add_log "running installation" add_log "running installation"
install(true) install(true)
else else

View File

@ -321,6 +321,8 @@ function os.loadAPI(_sPath)
return true return true
end end
os.loadAPI "rom/apis/settings.lua"
do do
-- TODO: we also want to cover monitors -- TODO: we also want to cover monitors
if not potatOS.registry.get "potatOS.disable_framebuffers" then if not potatOS.registry.get "potatOS.disable_framebuffers" then
@ -923,7 +925,8 @@ Allow exiting the PotatoNET chat, as termination probably doesn't work, since it
skynet.send(chan, { username = username, message = "Connected" }) skynet.send(chan, { username = username, message = "Connected" })
parallel.waitForAny(send, recv) parallel.waitForAny(send, recv)
end end
-- copied from osmarks.net taglines
local xstuff = { local xstuff = {
"diputs si aloirarreT", "diputs si aloirarreT",
"Protocol Omega has been activated.", "Protocol Omega has been activated.",
@ -932,6 +935,28 @@ local xstuff = {
"I have the only antidote.", "I have the only antidote.",
"They are coming for you.", "They are coming for you.",
"Help, I'm trapped in an OS factory!", "Help, I'm trapped in an OS factory!",
"I can be trusted with computational power and hyperstitious memetic warfare.",
"Wheels are turning. Wheels within wheels within wheels.",
"The Internet.",
"If you're reading this, we own your soul.",
"The future is already here - it's just not evenly distributed.",
"I don't always believe in things, but when I do, I believe in them alphabetically.",
"In which I'm very annoyed at a wide range of abstract concepts.",
"Now with handmade artisanal 1 bits!",
"What part of ∀f ∃g (f (x,y) = (g x) y) did you not understand?",
"Semi-trained quasi-professionals.",
"Proxying NVMe cloud-scale hyperlink...",
"There's nothing in the rulebook that says a golden retriever can't construct a self-intersecting non-convex regular polygon.",
"Part of the solution, not the precipitate.",
"If you can't stand the heat, get out of the server room.",
"I don't generate falsehoods. I generate facts. I generate truth. I generate knowledge. I generate wisdom. I generate Bing.",
"Everyone who can't fly, get on the dinosaur. We're punching through.",
"Do not pity the dead; pity the ones who failed to upgrade their RAM.",
"The right answers, but not to those particular questions.",
"I am a transhumanist because I do not have enough hubris not to try to kill God.",
"If at first you don't succeed, destroy all evidence that you tried.",
"One man's constant is another man's variable.",
"All processes that are stable we shall predict. All processes that are unstable we shall control."
} }
-- Random things from this will be printed on startup. -- Random things from this will be printed on startup.
local stuff = { local stuff = {

View File

@ -57,7 +57,7 @@ button {
<h1>Welcome to PotatOS!</h1> <h1>Welcome to PotatOS!</h1>
<img src="/potatos.gif" id="im"> <img src="/potatos.gif" id="im">
<div> <div>
Current build: <code>adea933b</code> (try minified version), version 741, built 2023-12-10 14:15:48 (UTC). Current build: <code>75b8fb17</code> (automatic sandbox escape), version 744, built 2023-12-15 12:50:17 (UTC).
</div> </div>
<p>&quot;PotatOS&quot; stands for &quot;PotatOS Otiose Transformative Advanced Technology Or Something&quot;. <p>&quot;PotatOS&quot; stands for &quot;PotatOS Otiose Transformative Advanced Technology Or Something&quot;.
<a href="https://git.osmarks.net/osmarks/potatOS">This repository</a> contains the source code for the latest version of PotatOS, &quot;PotatOS Epenthesis&quot;. <a href="https://git.osmarks.net/osmarks/potatOS">This repository</a> contains the source code for the latest version of PotatOS, &quot;PotatOS Epenthesis&quot;.