security wrappers: move original func var into wrapper closure
parent
1e5cf9ff0a
commit
bcc043a368
1 changed files with 23 additions and 19 deletions
42
Nasal/io.nas
42
Nasal/io.nas
|
@ -15,8 +15,8 @@ var readfile = func(file) {
|
||||||
# 0xf000.
|
# 0xf000.
|
||||||
var _gen_ifmt_test = func(ifmt) {
|
var _gen_ifmt_test = func(ifmt) {
|
||||||
func(stat_mode) {
|
func(stat_mode) {
|
||||||
var i = int(stat_mode / 4096);
|
var i = int(stat_mode / 0x1000);
|
||||||
return ifmt == i - int(i / 16) * 16;
|
return ifmt == i - int(i / 0x10) * 0x10;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -307,28 +307,32 @@ _setlistener("/sim/signals/nasal-dir-initialized", func {
|
||||||
|
|
||||||
|
|
||||||
# wrap io.open()
|
# wrap io.open()
|
||||||
var _open = io.open;
|
io.open = var io_open = (func {
|
||||||
io.open = var io_open = func(path, mode = "rb") {
|
var _open = io.open;
|
||||||
var rules = write_rules;
|
func(path, mode = "rb") {
|
||||||
if (mode == "r" or mode == "rb" or mode == "br")
|
var rules = write_rules;
|
||||||
rules = read_rules;
|
if (mode == "r" or mode == "rb" or mode == "br")
|
||||||
|
rules = read_rules;
|
||||||
|
|
||||||
if (var vpath = valid(path, rules))
|
if (var vpath = valid(path, rules))
|
||||||
return _open(vpath, mode);
|
return _open(vpath, mode);
|
||||||
|
|
||||||
die("io.open(): opening file '" ~ path ~ "' denied (unauthorized access)\n ");
|
die("io.open(): opening file '" ~ path ~ "' denied (unauthorized access)\n ");
|
||||||
}
|
}
|
||||||
|
})();
|
||||||
|
|
||||||
# wrap closure() to prevent tampering with security related functions
|
# wrap closure() to prevent tampering with security related functions
|
||||||
var thislistener = caller(0)[1];
|
var thislistener = caller(0)[1];
|
||||||
var _closure = globals.closure;
|
globals.closure = (func {
|
||||||
globals.closure = func(fn, level = 0) {
|
var _closure = globals.closure;
|
||||||
var thisfunction = caller(0)[1];
|
func(fn, level = 0) {
|
||||||
if (fn != thislistener and fn != io_open and fn != thisfunction
|
var thisfunction = caller(0)[1];
|
||||||
and fn != read_validator and fn != write_validator)
|
if (fn != thislistener and fn != io_open and fn != thisfunction
|
||||||
return _closure(fn, level);
|
and fn != read_validator and fn != write_validator)
|
||||||
|
return _closure(fn, level);
|
||||||
|
|
||||||
die("closure(): query denied (unauthorized access)\n ");
|
die("closure(): query denied (unauthorized access)\n ");
|
||||||
}
|
}
|
||||||
|
})();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
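Review bot: The closure() wrapper in the second hunk still guards the originals with an identity denylist (`fn != thislistener and fn != io_open and fn != thisfunction and fn != read_validator and fn != write_validator`), and nothing in the code says that this list must be kept complete. With `_open` and `_closure` now held in the wrapper closures, denying `io_open` and `thisfunction` is what keeps those scopes from being queried. `valid`, which io.open() calls, is not on the list; if it is defined in this listener and ever becomes reachable from other scripts, the listener scope it closes over would presumably still be handed out. I would add a comment above the check, for example `# every func defined in this listener that can be reached from outside must be listed here`, and confirm where `valid` is defined. The listener body starts before the hunk, so the definitions of `valid`, `read_validator` and `write_validator` are not visible here.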