security wrappers: move original func var into wrapper closure
This commit is contained in:
mfranz
parent
1e5cf9ff0a
commit
bcc043a368
1 changed files with 23 additions and 19 deletions
12
Nasal/io.nas
12
Nasal/io.nas
|
|
@ -15,8 +15,8 @@ var readfile = func(file) {
|
||||||
# 0xf000.
|
# 0xf000.
|
||||||
var _gen_ifmt_test = func(ifmt) {
|
var _gen_ifmt_test = func(ifmt) {
|
||||||
func(stat_mode) {
|
func(stat_mode) {
|
||||||
var i = int(stat_mode / 4096);
|
var i = int(stat_mode / 0x1000);
|
||||||
return ifmt == i - int(i / 16) * 16;
|
return ifmt == i - int(i / 0x10) * 0x10;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -307,8 +307,9 @@ _setlistener("/sim/signals/nasal-dir-initialized", func {
|
||||||
|
|
||||||
|
|
||||||
# wrap io.open()
|
# wrap io.open()
|
||||||
|
io.open = var io_open = (func {
|
||||||
var _open = io.open;
|
var _open = io.open;
|
||||||
io.open = var io_open = func(path, mode = "rb") {
|
func(path, mode = "rb") {
|
||||||
var rules = write_rules;
|
var rules = write_rules;
|
||||||
if (mode == "r" or mode == "rb" or mode == "br")
|
if (mode == "r" or mode == "rb" or mode == "br")
|
||||||
rules = read_rules;
|
rules = read_rules;
|
||||||
|
|
@ -318,11 +319,13 @@ _setlistener("/sim/signals/nasal-dir-initialized", func {
|
||||||
|
|
||||||
die("io.open(): opening file '" ~ path ~ "' denied (unauthorized access)\n ");
|
die("io.open(): opening file '" ~ path ~ "' denied (unauthorized access)\n ");
|
||||||
}
|
}
|
||||||
|
})();
|
||||||
|
|
||||||
# wrap closure() to prevent tampering with security related functions
|
# wrap closure() to prevent tampering with security related functions
|
||||||
var thislistener = caller(0)[1];
|
var thislistener = caller(0)[1];
|
||||||
|
globals.closure = (func {
|
||||||
var _closure = globals.closure;
|
var _closure = globals.closure;
|
||||||
globals.closure = func(fn, level = 0) {
|
func(fn, level = 0) {
|
||||||
var thisfunction = caller(0)[1];
|
var thisfunction = caller(0)[1];
|
||||||
if (fn != thislistener and fn != io_open and fn != thisfunction
|
if (fn != thislistener and fn != io_open and fn != thisfunction
|
||||||
and fn != read_validator and fn != write_validator)
|
and fn != read_validator and fn != write_validator)
|
||||||
|
|
@ -330,5 +333,6 @@ _setlistener("/sim/signals/nasal-dir-initialized", func {
|
||||||
|
|
||||||
die("closure(): query denied (unauthorized access)\n ");
|
die("closure(): query denied (unauthorized access)\n ");
|
||||||
}
|
}
|
||||||
|
})();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue