diff --git a/test/tool/net/argon2_test.lua b/test/tool/net/argon2_test.lua index 4f58910ba..065d23d36 100644 --- a/test/tool/net/argon2_test.lua +++ b/test/tool/net/argon2_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert(assert(argon2.hash_encoded("password", "somesalt", { variant = argon2.variants.argon2_i, m_cost = 65536, diff --git a/test/tool/net/encodejson_test.lua b/test/tool/net/encodejson_test.lua index eb9691bab..ce18a8df3 100644 --- a/test/tool/net/encodejson_test.lua +++ b/test/tool/net/encodejson_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert(EncodeJson(nil) == "null") assert(EncodeJson(true) == "true") assert(EncodeJson(false) == "false") diff --git a/test/tool/net/encodelua_test.lua b/test/tool/net/encodelua_test.lua index 32789b3ca..156dc1a90 100644 --- a/test/tool/net/encodelua_test.lua +++ b/test/tool/net/encodelua_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert(EncodeLua(nil) == "nil") assert(EncodeLua(true) == "true") assert(EncodeLua(false) == "false") diff --git a/test/tool/net/jsonorg_fail_test.lua b/test/tool/net/jsonorg_fail_test.lua index 87a230e37..25c91acf6 100644 --- a/test/tool/net/jsonorg_fail_test.lua +++ b/test/tool/net/jsonorg_fail_test.lua @@ -1,3 +1,5 @@ +unix.pledge("stdio") + -- https://www.json.org/JSON_checker/test.zip -- JSON parsing sample test case: fail11.json assert(not DecodeJson([[ diff --git a/test/tool/net/jsonorg_pass_test.lua b/test/tool/net/jsonorg_pass_test.lua index bd3e38533..83775f111 100644 --- a/test/tool/net/jsonorg_pass_test.lua +++ b/test/tool/net/jsonorg_pass_test.lua @@ -1,3 +1,5 @@ +unix.pledge("stdio") + -- https://www.json.org/JSON_checker/test.zip -- JSON parsing sample test case: pass1.json assert(DecodeJson([[ diff --git a/test/tool/net/jsontestsuite_fail1_test.lua b/test/tool/net/jsontestsuite_fail1_test.lua index 26fb5cd12..26cae6207 100644 --- a/test/tool/net/jsontestsuite_fail1_test.lua +++ b/test/tool/net/jsontestsuite_fail1_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with n_ -- ljson should reject all of them as invalid diff --git a/test/tool/net/jsontestsuite_fail2_test.lua b/test/tool/net/jsontestsuite_fail2_test.lua index e383c63fc..b59738c36 100644 --- a/test/tool/net/jsontestsuite_fail2_test.lua +++ b/test/tool/net/jsontestsuite_fail2_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with n_ -- ljson should reject all of them as invalid diff --git a/test/tool/net/jsontestsuite_fail3_test.lua b/test/tool/net/jsontestsuite_fail3_test.lua index 3c8058e5e..d60003fa5 100644 --- a/test/tool/net/jsontestsuite_fail3_test.lua +++ b/test/tool/net/jsontestsuite_fail3_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with n_ -- ljson should reject all of them as invalid diff --git a/test/tool/net/jsontestsuite_fail4_test.lua b/test/tool/net/jsontestsuite_fail4_test.lua index 71fa1ccdc..51de0c488 100644 --- a/test/tool/net/jsontestsuite_fail4_test.lua +++ b/test/tool/net/jsontestsuite_fail4_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with n_ -- ljson should reject all of them as invalid diff --git a/test/tool/net/jsontestsuite_okay_test.lua b/test/tool/net/jsontestsuite_okay_test.lua index 2ac78c1f2..15ebd9817 100644 --- a/test/tool/net/jsontestsuite_okay_test.lua +++ b/test/tool/net/jsontestsuite_okay_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with i_ -- ljson is free to accept or reject, -- but we run them anyway to check for segfaults diff --git a/test/tool/net/jsontestsuite_pass_test.lua b/test/tool/net/jsontestsuite_pass_test.lua index e1f2119d9..862bb0d52 100644 --- a/test/tool/net/jsontestsuite_pass_test.lua +++ b/test/tool/net/jsontestsuite_pass_test.lua @@ -26,6 +26,8 @@ -- SOFTWARE. -- +unix.pledge("stdio") + -- these test cases are prefixed with y_ -- ljson should accept all of them as valid diff --git a/test/tool/net/lfuncs_test.lua b/test/tool/net/lfuncs_test.lua index 7ca55f21c..ada5a8ead 100644 --- a/test/tool/net/lfuncs_test.lua +++ b/test/tool/net/lfuncs_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + x = Rdtsc() y = Rdtsc() assert(y > x) diff --git a/test/tool/net/ljson_test.lua b/test/tool/net/ljson_test.lua index 9b90ac682..078f75605 100644 --- a/test/tool/net/ljson_test.lua +++ b/test/tool/net/ljson_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert(EncodeLua(assert(DecodeJson[[ 0 ]])) == '0' ) assert(EncodeLua(assert(DecodeJson[[ [1] ]])) == '{1}') assert(EncodeLua(assert(DecodeJson[[ 2.3 ]])) == '2.3') diff --git a/test/tool/net/lre_test.lua b/test/tool/net/lre_test.lua index 1992e4c05..d4e4eca66 100644 --- a/test/tool/net/lre_test.lua +++ b/test/tool/net/lre_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert(string.match("127.123.231.1", "%d+.%d+.%d+.%d+")) assert(re.search([[^\d{1,3}(\.\d{1,3}){3}$]], "127.123.231.1")) diff --git a/test/tool/net/lua_test.lua b/test/tool/net/lua_test.lua index 451695a51..3646cce41 100644 --- a/test/tool/net/lua_test.lua +++ b/test/tool/net/lua_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + -- test redbean lua language extensions assert(0b100 == 4) assert(0200 == 128) diff --git a/test/tool/net/lunix_test.lua b/test/tool/net/lunix_test.lua index aea76f6e9..55b47de48 100644 --- a/test/tool/net/lunix_test.lua +++ b/test/tool/net/lunix_test.lua @@ -151,6 +151,9 @@ end function main() assert(unix.makedirs(tmpdir)) + unix.unveil(tmpdir, "rwc") + unix.unveil(nil, nil) + unix.pledge("stdio rpath wpath cpath proc") ok, err = pcall(UnixTest) if ok then assert(unix.rmrf(tmpdir)) diff --git a/test/tool/net/path_test.lua b/test/tool/net/path_test.lua index 3c760f85f..2d99be3cc 100644 --- a/test/tool/net/path_test.lua +++ b/test/tool/net/path_test.lua @@ -13,6 +13,8 @@ -- TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- PERFORMANCE OF THIS SOFTWARE. +unix.pledge("stdio") + assert("/usr/lib" == path.dirname("/usr/lib/foo.bar")) assert("/usr" == path.dirname("/usr/lib")) assert("usr" == path.dirname("usr/lib")) diff --git a/test/tool/net/slurp_test.lua b/test/tool/net/slurp_test.lua index 1e98e3435..972a55cb1 100644 --- a/test/tool/net/slurp_test.lua +++ b/test/tool/net/slurp_test.lua @@ -38,6 +38,9 @@ end local function main() assert(unix.makedirs(tmpdir)) + unix.unveil(tmpdir, "rwc") + unix.unveil(nil, nil) + unix.pledge("stdio rpath wpath cpath") ok, err = pcall(SlurpTest) if ok then assert(unix.rmrf(tmpdir)) diff --git a/third_party/lua/lauxlib.c b/third_party/lua/lauxlib.c index 16d4db7f3..4a419dcf7 100644 --- a/third_party/lua/lauxlib.c +++ b/third_party/lua/lauxlib.c @@ -216,7 +216,7 @@ LUALIB_API void luaL_traceback (lua_State *L, lua_State *L1, /** - * Improved Lua traceback. + * [jart] Improved Lua traceback. * @see https://luyuhuang.tech/2020/12/01/lua-traceback-with-parameters.html * @author Luyu Huang */ diff --git a/third_party/lua/lunix.c b/third_party/lua/lunix.c index aa63eca9c..799acd4d8 100644 --- a/third_party/lua/lunix.c +++ b/third_party/lua/lunix.c @@ -1382,13 +1382,13 @@ static int LuaUnixPledge(lua_State *L) { pledge(luaL_checkstring(L, 1), luaL_optstring(L, 2, 0))); } -// sandbox.unveil(path:str, permissions:str) +// sandbox.unveil([path:str[, permissions:str]]) // ├─→ true // └─→ nil, unix.Errno static int LuaUnixUnveil(lua_State *L) { int olderr = errno; return SysretBool(L, "unveil", olderr, - unveil(luaL_checkstring(L, 1), luaL_checkstring(L, 2))); + unveil(luaL_optstring(L, 1, 0), luaL_optstring(L, 2, 0))); } // unix.gethostname() diff --git a/tool/net/help.txt b/tool/net/help.txt index 29e361996..a2ea3aaf5 100644 --- a/tool/net/help.txt +++ b/tool/net/help.txt @@ -3965,14 +3965,14 @@ UNIX MODULE unix.unveil(".", "r"); -- current dir + children visible unix.unveil("/etc", "r"); -- make /etc readable too - unix.unveil(0, 0); -- commit and lock policy + unix.unveil(nil, nil); -- commit and lock policy Unveiling restricts a thread's view of the filesystem to a set of allowed paths with specific privileges. Once you start using unveil(), the entire file system is considered hidden. You then specify, by repeatedly calling unveil(), which paths - should become unhidden. When you're finished, you call `unveil(0,0)` + should become unhidden. When you're finished, you call `unveil(nil,nil)` which commits your policy, after which further use is forbidden, in the current thread, as well as any threads or processes it spawns. @@ -3981,7 +3981,7 @@ UNIX MODULE 1. Build your policy and lock it in one go. On OpenBSD, policies take effect immediately and may evolve as you continue to call unveil() but only in a more restrictive direction. On Linux, nothing will - happen until you call `unveil(0,0)` which commits and locks. + happen until you call `unveil(nil,nil)` which commits and locks. 2. Try not to overlap directory trees. On OpenBSD, if directory trees overlap, then the most restrictive policy will be used for a given