osmarks/potatOS
2
1
Fork 5
Code Issues 1 Pull Requests Releases Wiki Activity

Add yet another sandbox escape #9

Merged
osmarks merged 1 commits from 6_4/potatOS:master into master 2024-07-16 14:17:28 +00:00
Conversation 1 Commits 1 Files Changed 1 +41 -1
1 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/lib/sandboxescapes.lua
View File

@ -43,6 +43,25 @@ local function scan_environment(fn)
if is_probably_filesystem(k) then return k end
end
local function scan_stack(thread)
local level = 1
while debug.getinfo(thread, level) do
local index = 1
repeat
local name, value = debug.getlocal(thread, level, index)
if is_probably_filesystem(value) then return value end
if type(value) == "function" then
local ok, value = pcall(harvest_upvalues, value)
if ok and value then return value end
ok, value = pcall(scan_environment, value)
if ok and value then return value end
end
index = index + 1
until not name
level = level + 1
end
end
local escapes = {
load_env = function()
local k = dgetfenv(load("")).fs
@ -59,7 +78,6 @@ local escapes = {
[=[]=]end),_]=======][=[==]=]})
[#[=======[==]=======]]return _
]=================][===[==]===]
if is_probably_filesystem(k) then return k end
end,
getfenv = function()
@ -91,6 +109,28 @@ local escapes = {
end
i = i + 1
end
end,
scan_most_threads = function()
if not debug then return end
if not (debug.getinfo and debug.getlocal) then return end
local running = coroutine.running()
local threads_to_scan = {}
local old_resume = coroutine.resume
coroutine.resume = function(...)
threads_to_scan[coroutine.running()] = true
threads_to_scan[...] = true
if ... == running then
coroutine.resume = old_resume
end
return old_resume(...)
end
sleep(0)
for thread, _ in pairs(threads_to_scan) do
if type(thread) == "thread" then
local ok, value = pcall(scan_stack, thread)
if ok and value then return value end
end
end
end
}