For the MediaWiki extension that allows use of sandboxed Lua code, see Extension:Scribunto
LuaSandbox is an extension for PHP 7 and PHP 8 to allow safely running untrusted Lua 5.1 code from within PHP, which will generally be faster than shelling out to a Lua binary and using inter-process communication.
Apt based distributions (Debian, Ubuntu, etc.)
LuaSandbox is available in Debian 10 and Ubuntu 18.04 and later. Install with the following command:
apt install php-luasandbox -y
RPM based distributions (Fedora/RedHat, SUSE, etc.)
LuaSandbox can be installed from the REMI repository. The list of available RPMs can be found here.
LuaSandbox is now available in PECL, which also provides pre-built Windows DLLs. See our package page. First get the correct Lua 5.1 library as described below under "manual installation". Then run:
pecl install luasandbox
Manual installation
Install the headers and library files for PHP and Lua 5.1.
apt install php-dev liblua5.1-0-dev -y
yum install php-devel lua5.1 lua5.1-devel
Download the source code into an appropriate directory from git:
git init
git pull https://gerrit.wikimedia.org/r/mediawiki/php/luasandbox.git
Or download a snapshot and unpack.
luasandbox here is the directory that the LuaSandbox Git repository was cloned to.
cd luasandbox
phpize && ./configure && make && sudo make install
Then add extension=luasandbox.so to the PHP configuration in an appropriate place. For example, in modern Debian-derived distributions you would add a file to /etc/php/$version/mods-available (where $version is the version of PHP for which you compiled LuaSandbox) and use the phpenmod command to enable it.
If you are using LuaSandbox with a web application such as MediaWiki, you will need to restart your web server or php-fpm for PHP to load the extension. After such reload, you should see LuaSandbox in the output of phpinfo() and get_loaded_extensions() (and, for MediaWiki with Scribunto installed, Special:Version).
$sandbox = new LuaSandbox;
$sandbox->setMemoryLimit( 50 * 1024 * 1024 );
$sandbox->setCPULimit( 10 );

// Register some functions in the Lua environment
function frobnosticate( $v ) {
    return [ $v + 42 ];
}

$sandbox->registerLibrary( 'php', [
    'frobnosticate' => 'frobnosticate',
    'output' => function ( $string ) {
        echo "$string\n";
    },
    'error' => function () {
        throw new LuaSandboxRuntimeError( "Something is wrong" );
    }
] );

// Execute some Lua code, including callbacks into PHP and into Lua
$luaCode = <<<EOF
php.output( "Hello, world" );
return "Hi", function ( v )
    return php.frobnosticate( v + 200 )
end
EOF;

list( $hi, $frob ) = $sandbox->loadString( $luaCode )->call();
assert( $frob->call( 4000 ) === [ 4242 ] );

// PHP-thrown LuaSandboxRuntimeError exceptions can be caught inside Lua
list( $ok, $message ) = $sandbox->loadString( 'return pcall( php.error )' )->call();
assert( !$ok );
assert( $message === 'Something is wrong' );
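The following is an added example, not code from the original page or from the LuaSandbox project. It shows how a PHP caller can tell apart the ways an untrusted chunk can end under the memory and CPU limits, including the case noted in the differences from standard Lua on this page where the sandbox's pcall() does not catch a timeout. The helper runUntrusted() and the Lua samples are constructed for illustration, and it assumes a platform on which the CPU limit is enforced.

```php
<?php
// Added example: classify the outcome of running untrusted Lua under limits.
// runUntrusted() is a hypothetical helper, not part of LuaSandbox.
function runUntrusted( string $lua, float $cpuSeconds = 1.0, int $memBytes = 8 * 1024 * 1024 ): array {
    // A fresh sandbox per chunk, so state and usage never carry over
    $sandbox = new LuaSandbox;
    $sandbox->setMemoryLimit( $memBytes );
    $sandbox->setCPULimit( $cpuSeconds );
    try {
        // loadString() compiles the chunk; call() executes it
        $result = $sandbox->loadString( $lua, 'untrusted' )->call();
        return [ 'ok', $result ];
    } catch ( LuaSandboxSyntaxError $e ) {
        return [ 'syntax', $e->getMessage() ];
    } catch ( LuaSandboxTimeoutError $e ) {
        return [ 'timeout', $e->getMessage() ];
    } catch ( LuaSandboxMemoryError $e ) {
        return [ 'memory', $e->getMessage() ];
    } catch ( LuaSandboxRuntimeError $e ) {
        return [ 'runtime', $e->getMessage() ];
    } catch ( LuaSandboxError $e ) {
        // Base class: any other sandbox failure
        return [ 'error', $e->getMessage() ];
    }
}

// Constructed sample chunks, one per outcome of interest
$samples = [
    // Globals the page lists as removed, next to one that remains available
    'removed globals'  => 'return io == nil, os.execute == nil, loadstring == nil, type( os.time )',
    'syntax error'     => 'return (',
    'runtime error'    => 'error( "boom" )',
    // Infinite loop wrapped in pcall(): the timeout must still reach PHP
    'pcall vs timeout' => 'return pcall( function () while true do end end )',
    // String doubling exhausts the memory limit long before the CPU limit
    'memory limit'     => 'local s = "x" while true do s = s .. s end',
];

foreach ( $samples as $name => $lua ) {
    [ $kind, $detail ] = runUntrusted( $lua );
    printf( "%-18s %-8s %s\n", $name, $kind, json_encode( $detail ) );
}
```

The 'pcall vs timeout' sample is reported as a timeout instead of returning false from pcall(), which is the behaviour this page lists for pcall() and xpcall().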
Our documentation now lives within the upstream PHP manual at https://www.php.net/book.luasandbox.
If you want to change the manual, you can either submit a pull request against the PHP manual repository in GitHub, or change our mirror of the LuaSandbox chapter in the extension's Gerrit project.
LuaSandbox provides a sandboxed environment which differs in some ways from standard Lua 5.1.
The following functions and packages are not available:
- dofile(), loadfile(), and the io package, as they allow direct filesystem access. If needed, filesystem access should be done via PHP callbacks.
- package package, including require() and module(), as it depends heavily on direct filesystem access. A pure-Lua rewrite such as that used in Scribunto may be used instead.
- load() and loadstring(), to allow for static analysis of Lua code.
- print(), since it outputs to standard output. If needed, output should be done via PHP callbacks.
- os package, as it allows manipulation of the process and executing of other processes.
  - os.clock(), os.date(), os.difftime(), and os.time() remain available.
- debug package, as it allows manipulation of Lua state and metadata in ways that can break sandboxing.
  - debug.traceback() remains available.
- string.dump(), as it may expose internal data.
- collectgarbage(), gcinfo(), and the coroutine package have not been reviewed for security.
The following features have been modified:
- pcall() and xpcall() cannot catch certain errors, particularly timeout errors.
- tostring() does not include pointer addresses.
- string.match() has been patched to limit the recursion depth and to periodically check for a timeout.
- math.random() and math.randomseed() are replaced with versions that don't share state with PHP's rand().
- __pairs and __ipairs metamethods are supported by pairs() and ipairs().
Over the years, MediaWiki's wikitext template language gained more features and grew more complicated. As early as 2009, MediaWiki developers began discussing the idea of embedding a real scripting language instead of continuing to make wikitext more complex.
Requirements for such a project included a strong sandbox and strict limitations on memory and CPU time usage, since it would be executing untrusted user code on production servers. It would need to be usable by shelling out to a standalone binary, with the ability to be run in-process via a PHP extension for better performance being a major benefit.
When development started in earnest circa 2011, four candidate languages were identified: Lua, JavaScript, PHP, or a hypothetical "WikiScript" language to be developed. Lua had several advantages:
The main disadvantage was that it wasn't known as widely as JavaScript.
JavaScript, in the form of the V8 engine at the time, had several disadvantages:
The Rhino engine was worse, as being written in Java it couldn't sanely be embedded in PHP at all. PHP itself was rejected since proper embedding and sandboxing would have been extremely difficult and pre-parsing would have been slow, and "WikiScript" would have been a much larger project in that it would have required developing an interpreter (or two) from scratch.
Thus, Lua was chosen, specifically version 5.1 that was available at the time, and this PHP extension was developed. The changes made to function environment handling in 5.2 have prevented a simple upgrade since; see phab:T178146 for details.