
Robin Wellner committed 6c632d3

Closes a LuaJIT exploit by completely removing the FFI functionality.

(Hopefully, not tested yet.)


Files changed (2)

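--- a/src/scripts/sandbox.lua
+++ b/src/scripts/sandbox.lua
 	dofile = nil
 	loadfile = nil
 	_G.debug = nil
+	ffi = nil
 	package.loaders = {package.loaders[1], package.loaders[2], package.loaders[3]}
 	package.loadlib = nil
 	package.loaded.debug = nil
 	package.loaded.io = nil
 	package.loaded.os = os
+	package.loaded.ffi = false
+	package.preload.ffi = false
 end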
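Review bot: The three added lines are untested (the description says so) and nothing after them checks that `require "ffi"` actually fails; adding `assert(not pcall(require, "ffi"), "ffi still reachable in sandbox")` just before `end` would turn a silent gap into a startup error. As far as I know, `require` in Lua 5.1/LuaJIT treats a false `package.loaded` entry as "not loaded" and skips a non-function preload result, so with `false` the lookup falls through to the path and cpath searchers kept in `package.loaders` a few lines up. The block therefore rests on no module named `ffi` being resolvable there, which deserves a comment such as `-- ffi: preload entry dropped; require falls through to loaders[2] and [3]`. `ffi = nil` only clears a global of that name, so any reference to the module captured before this function runs is unaffected. The enclosing function starts outside the hunk.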
 

src/scripts/sandbox.lua.h

 	0x09, 0x64, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x20, 0x3d, 0x20, 0x6e, 0x69, 0x6c, 0x0a,
 	0x09, 0x6c, 0x6f, 0x61, 0x64, 0x66, 0x69, 0x6c, 0x65, 0x20, 0x3d, 0x20, 0x6e, 0x69, 0x6c, 0x0a,
 	0x09, 0x5f, 0x47, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x20, 0x3d, 0x20, 0x6e, 0x69, 0x6c, 0x0a,
+	0x09, 0x66, 0x66, 0x69, 0x20, 0x3d, 0x20, 0x6e, 0x69, 0x6c, 0x0a,
 	0x09, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x73, 0x20, 0x3d, 
 	0x20, 0x7b, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x73, 0x5b, 
 	0x31, 0x5d, 0x2c, 0x20, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 
 	0x20, 0x3d, 0x20, 0x6e, 0x69, 0x6c, 0x0a,
 	0x09, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x2e, 0x6f, 0x73, 
 	0x20, 0x3d, 0x20, 0x6f, 0x73, 0x0a,
+	0x09, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x2e, 0x66, 0x66, 
+	0x69, 0x20, 0x3d, 0x20, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x0a,
+	0x09, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x65, 0x6c, 0x6f, 0x61, 0x64, 0x2e, 0x66, 
+	0x66, 0x69, 0x20, 0x3d, 0x20, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x0a,
 	0x65, 0x6e, 0x64, 0x0a,
 }; // [sandbox.lua]
 } // love