Merge pull request 'Add yet another sandbox escape' (#9) from 6_4/potatOS:master into master
Reviewed-on: #9
This commit is contained in:
commit
88469da2cb
@ -43,6 +43,25 @@ local function scan_environment(fn)
|
|||||||
if is_probably_filesystem(k) then return k end
|
if is_probably_filesystem(k) then return k end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local function scan_stack(thread)
|
||||||
|
local level = 1
|
||||||
|
while debug.getinfo(thread, level) do
|
||||||
|
local index = 1
|
||||||
|
repeat
|
||||||
|
local name, value = debug.getlocal(thread, level, index)
|
||||||
|
if is_probably_filesystem(value) then return value end
|
||||||
|
if type(value) == "function" then
|
||||||
|
local ok, value = pcall(harvest_upvalues, value)
|
||||||
|
if ok and value then return value end
|
||||||
|
ok, value = pcall(scan_environment, value)
|
||||||
|
if ok and value then return value end
|
||||||
|
end
|
||||||
|
index = index + 1
|
||||||
|
until not name
|
||||||
|
level = level + 1
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
local escapes = {
|
local escapes = {
|
||||||
load_env = function()
|
load_env = function()
|
||||||
local k = dgetfenv(load("")).fs
|
local k = dgetfenv(load("")).fs
|
||||||
@ -59,7 +78,6 @@ local escapes = {
|
|||||||
[=[]=]end),_]=======][=[==]=]})
|
[=[]=]end),_]=======][=[==]=]})
|
||||||
[#[=======[==]=======]]return _
|
[#[=======[==]=======]]return _
|
||||||
]=================][===[==]===]
|
]=================][===[==]===]
|
||||||
|
|
||||||
if is_probably_filesystem(k) then return k end
|
if is_probably_filesystem(k) then return k end
|
||||||
end,
|
end,
|
||||||
getfenv = function()
|
getfenv = function()
|
||||||
@ -91,6 +109,28 @@ local escapes = {
|
|||||||
end
|
end
|
||||||
i = i + 1
|
i = i + 1
|
||||||
end
|
end
|
||||||
|
end,
|
||||||
|
scan_most_threads = function()
|
||||||
|
if not debug then return end
|
||||||
|
if not (debug.getinfo and debug.getlocal) then return end
|
||||||
|
local running = coroutine.running()
|
||||||
|
local threads_to_scan = {}
|
||||||
|
local old_resume = coroutine.resume
|
||||||
|
coroutine.resume = function(...)
|
||||||
|
threads_to_scan[coroutine.running()] = true
|
||||||
|
threads_to_scan[...] = true
|
||||||
|
if ... == running then
|
||||||
|
coroutine.resume = old_resume
|
||||||
|
end
|
||||||
|
return old_resume(...)
|
||||||
|
end
|
||||||
|
sleep(0)
|
||||||
|
for thread, _ in pairs(threads_to_scan) do
|
||||||
|
if type(thread) == "thread" then
|
||||||
|
local ok, value = pcall(scan_stack, thread)
|
||||||
|
if ok and value then return value end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user