Add plugin permissions and IO API #5231
Conversation
This does not include io.popen. And io.type is used without a wrapper.
even if it fails.
Could we solve some of the open questions by restricting the path to something like
I took the arbitrary paths as it might be useful for IPC (think FIFO); those usually are placed in temporary folders. I decided to not be overly restrictive with this. I do agree that it is a little scary. If we restricted it to the plugin directory only, we could do away with per-path permissions entirely and just have an access filesystem permission. That still would not relieve us of problems 2 and 3: overwriting code and
To clarify, I mean a separate sub-directory that does not contain any code or the info.json file.
That would solve basically all permission issues. The only problem I could imagine is malicious plugins filling up the user's drive, and that should not be a major issue. However, I am still not sure about restricting the
user data. Prevents possible out-of-bounds reads. To see this even exist, you would have needed a userdatum smaller than chatterino::lua::api::UserData, in which case our program would die a horrible death by segmentation fault.
…re/plugin-permissions
Thanks for bearing with my security nits.
This PR adds:

- `io` library. If the proper permissions are set, they are mostly transparent to the user and behave like Lua's functions.
- `FilesystemRead` and `FilesystemWrite` in `info.json`

Open questions:

- How should we go about globs in permissions? We don't, per-path globs aren't a thing.
- Should we ensure that plugins don't overwrite their code? Restrict everything to its data directory.
- How should we ensure that plugins suddenly can't overwrite their `info.json` to add permissions? Same as above.

Closes #4620
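The two pieces the thread converges on are a permission gate (`FilesystemRead` for read-only modes, `FilesystemWrite` for anything that can create or modify a file) and confinement of every path to a data sub-directory that holds neither plugin code nor `info.json`. The following is an added example written for this page, not Chatterino's code: the `PluginSandbox` type, the `Permission` enum and the function names are hypothetical stand-ins, and the temp directory used in `selfCheck` is constructed for the demonstration. It resolves the requested path with `std::filesystem::weakly_canonical` before comparing it component by component against the resolved data directory, which is what defeats `..` segments, symlinked components, and the string-prefix mistake where `<data>2` passes as a child of `<data>`.

```cpp
#include <filesystem>
#include <iostream>
#include <set>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

// Hypothetical permission names, mirroring the info.json keys discussed in the PR.
enum class Permission { FilesystemRead, FilesystemWrite };

// Constructed stand-in for a loaded plugin (not a Chatterino type): the
// permissions granted in info.json and the data directory all io calls are confined to.
struct PluginSandbox {
    fs::path dataDir;              // e.g. <plugins>/<name>/data, holds no code and no info.json
    std::set<Permission> granted;  // parsed from info.json "permissions"
};

// Map a Lua io.open mode string to the permission it requires.
// "r"/"rb" only read; "r+", "w", "a", "w+", "a+" (with or without "b") can write.
Permission permissionForMode(const std::string& mode) {
    if (mode == "r" || mode == "rb") return Permission::FilesystemRead;
    return Permission::FilesystemWrite;
}

// Resolve a path (existing prefix canonicalised, the rest normalised lexically)
// and drop a trailing separator so "data/" and "data" compare equal.
static bool resolve(const fs::path& in, fs::path& out) {
    std::error_code ec;
    out = fs::weakly_canonical(in, ec);
    if (ec) return false;
    if (out.filename().empty()) out = out.parent_path();
    return true;
}

// True iff `requested` resolves to dataDir itself or to something beneath it.
// Comparison walks path components, so a string prefix like "<data>2" does not pass.
bool isInsideDataDir(const fs::path& dataDir, const fs::path& requested) {
    fs::path root, target;
    if (!resolve(dataDir, root) || !resolve(requested, target)) return false;
    auto r = root.begin();
    auto t = target.begin();
    for (; r != root.end(); ++r, ++t) {
        if (t == target.end() || *r != *t) return false;
    }
    return true;
}

// The check a wrapped io.open would run before delegating to Lua's real io.open.
// Returns an empty string when the call may proceed, otherwise the reason for denial.
std::string checkIoOpen(const PluginSandbox& p, const fs::path& requested, const std::string& mode) {
    Permission need = permissionForMode(mode);
    if (p.granted.count(need) == 0) {
        return need == Permission::FilesystemRead ? "missing FilesystemRead" : "missing FilesystemWrite";
    }
    if (!isInsideDataDir(p.dataDir, requested)) {
        return "path outside plugin data directory";
    }
    return "";
}

// Exercises the gate against a constructed plugin layout under the temp directory:
// <base>/info.json and <base>/init.lua stand in for code, <base>/data is the sandbox.
bool selfCheck() {
    std::error_code ec;
    fs::path base = fs::temp_directory_path() / "plugin-sandbox-example";
    fs::create_directories(base / "data", ec);
    if (ec) return false;
    PluginSandbox readOnly{base / "data", {Permission::FilesystemRead}};
    PluginSandbox readWrite{base / "data", {Permission::FilesystemRead, Permission::FilesystemWrite}};

    bool ok = true;
    ok = ok && checkIoOpen(readOnly, base / "data" / "notes.txt", "r").empty();
    ok = ok && checkIoOpen(readOnly, base / "data" / "notes.txt", "w") == "missing FilesystemWrite";
    ok = ok && checkIoOpen(readWrite, base / "data" / "notes.txt", "w").empty();
    // ".." climbing out of the data dir toward info.json is refused even with write permission
    ok = ok && checkIoOpen(readWrite, base / "data" / ".." / "info.json", "w") == "path outside plugin data directory";
    ok = ok && checkIoOpen(readWrite, base / "init.lua", "r") == "path outside plugin data directory";
    // sibling directory sharing the "data" prefix must not pass
    ok = ok && checkIoOpen(readWrite, base / "data2" / "x", "r") == "path outside plugin data directory";
    ok = ok && isInsideDataDir(base / "data", base / "data");

    fs::remove_all(base, ec);
    return ok;
}

int main() {
    std::cout << (selfCheck() ? "all checks passed" : "a check failed") << '\n';
    return 0;
}
```

Because `weakly_canonical` follows symlinks in the components that already exist, a symlink planted inside the data directory that points at `info.json` resolves to the real target and is rejected by the same component walk; a purely lexical check would let it through. FIFOs placed in temporary folders, the IPC case raised in the thread, fall outside the data directory by design and would need a separate decision rather than an exception here.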