Is it intentional that sandboxing is not deep? #1752

ds-sloth · 2025-03-27T02:51:54Z

ds-sloth
Mar 27, 2025

If I sandbox an environment with the following code, a.b.x is successfully incremented, and then an error is thrown at the point when a.x would be incremented. Is this intentional on the part of the Luau team?

a = {b = {x = 1}, x = 1}

function f()
    print("a.b.x (old)", a.b.x)
    a.b.x += 1
    print("a.b.x (new)", a.b.x)

    print("a.x (old)", a.x)
    a.x += 1
    print("a.y (new)", a.x)
end

(For my use case -- user scripting with savestates that don't include any Luau state -- I'll need to implement deep sandboxing downstream, but I could do that in my client application, or I could do it by modifying the luaL_sandbox functions and submitting a PR. This should be trivial to implement with a depth-first algorithm, using getreadonly to prevent cycles.)

(The same question applies for closures.)

Mooshua · 2025-03-28T21:57:48Z

Mooshua
Mar 28, 2025

The whole point of sandboxing is that the entire global state has read-only entries and read-only metatables. You have to maintain this yourself. All of the built-in libraries have this property (once luaL_sandbox has been called) and realistically the biggest thing you need to do is add a few lua_setreadonly calls while you're building your tables.

Luau can't possibly expect to cover all edge cases where sandboxing might be broken; for example, xmove-ing an object is enough to technically "break" the sandbox. It seems to be an intentional decision for them to have left it up to the implementer, see #251 and the implementation of the base libraries themselves (especially createmetatable within lveclib.cpp)

In my own implementation of Luau i've set it to set everything as read only after all values to a table have been set but before it has been added to the global state:

lua_createtable(L, 0, 8);

//      ....

lua_pushlstring(L, classMeta._name.data(), classMeta._name.length());
lua_rawsetfield(L, -2, "__type");

//      Hide metatable behind a read-only empty table.
//      Luau's `setmetatable` will hide the real metatable if the `__metatable` field is set.
lua_createtable(L, 0, 0);
lua_setreadonly(L, -1, true);
lua_rawsetfield(L, -2, "__metatable");

//	Metatables should be read-only to prevent hijacking :)
lua_setreadonly(L, -1, true);

lua_setuserdatametatable(L, tag, -1);
lua_setuserdatadtor(L, tag, classMeta._destructor);

1 reply

ds-sloth Mar 28, 2025
Author

Thanks for your reply! This is insightful and I'll keep your steps in mind when I'm implementing my sandboxing.

Luau can't possibly expect to cover all edge cases where sandboxing might be broken

I agree that they absolutely can't expect to do so given foolish C code, but I would at least hope they could fully sandbox edge cases where Lua code could break sandboxing.

But it's possible that my usecase is too far removed from the Luau team's usecase. My goal is to execute user-sourced Lua code, sandbox the resulting global state, and then execute user-sourced functions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Is it intentional that sandboxing is not deep? #1752

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Is it intentional that sandboxing is not deep? #1752

Uh oh!

Uh oh!

ds-sloth Mar 27, 2025

Replies: 1 comment · 1 reply

Uh oh!

Mooshua Mar 28, 2025

Uh oh!

ds-sloth Mar 28, 2025 Author

ds-sloth
Mar 27, 2025

Replies: 1 comment 1 reply

Mooshua
Mar 28, 2025

ds-sloth Mar 28, 2025
Author