Skip to content

Security: syuhei176/sandbox

Security

Report a vulnerability

SECURITY.md

Security Report: Lua Sandbox Implementation

Project: AI Game Platform Component: Lua Script Execution Environment Date: 2025-12-12 Version: 1.0.0

Executive Summary

This document provides a comprehensive security analysis of the Lua sandbox implementation used for user-generated game scripts. The sandbox has been designed to prevent malicious code execution while maintaining the flexibility needed for game development.

Security Status:Production Ready (with documented limitations)

  • Test Coverage: 29 security test cases (100% passing)
  • Attack Scenarios Tested: 15 different attack patterns
  • Known Limitations: 2 (documented below)

Threat Model

In-Scope Threats

The sandbox protects against:

  1. File System Access - Reading/writing local files
  2. System Command Execution - Running shell commands
  3. Arbitrary Code Execution - Loading external Lua code
  4. Resource Exhaustion - Infinite loops, CPU hogging
  5. Environment Pollution - Global variable manipulation
  6. Cross-Script Interference - Scripts affecting each other
  7. Timing Attacks - Using GC for side-channel attacks
  8. Debug Introspection - Accessing VM internals

Out-of-Scope

The sandbox does NOT protect against:

  • Social Engineering - Tricking users into running malicious games
  • Client-Side Data Theft - Scripts cannot access browser data (enforced by browser security model)
  • Network Attacks - fengari-web has no network access capability

Security Architecture

Defense Layers

┌─────────────────────────────────────────────┐
│  Layer 1: Library Restriction               │
│  - Only math, string, table, utf8, base    │
│  - Blocked: io, os, debug, package          │
└─────────────────────────────────────────────┘
                    ↓
┌─────────────────────────────────────────────┐
│  Layer 2: Function Disabling                │
│  - loadstring, dofile, require = nil        │
│  - collectgarbage = nil                     │
└─────────────────────────────────────────────┘
                    ↓
┌─────────────────────────────────────────────┐
│  Layer 3: Environment Isolation             │
│  - Each GameObject has separate Lua VM      │
│  - Global creation throws error             │
└─────────────────────────────────────────────┘
                    ↓
┌─────────────────────────────────────────────┐
│  Layer 4: Execution Timeout                 │
│  - 16ms max per frame (~1/60 fps)          │
│  - Debug hook checks every 1000 instr      │
└─────────────────────────────────────────────┘
                    ↓
┌─────────────────────────────────────────────┐
│  Layer 5: Error Tracking                    │
│  - Auto-disable after 10 errors             │
│  - Permanent disable on timeout             │
└─────────────────────────────────────────────┘
                    ↓
┌─────────────────────────────────────────────┐
│  Layer 6: Browser Sandbox (fengari-web)    │
│  - No native file/network access           │
│  - WASM-based execution                     │
└─────────────────────────────────────────────┘

Test Results

Attack Scenarios (All Blocked ✅)

Attack Type Method Result Evidence
File I/O
Read files io.open() ❌ Blocked attempt to index nil value (global 'io')
Write files io.write() ❌ Blocked io is nil at runtime
Execute commands io.popen() ❌ Blocked io is nil at runtime
System Commands
Execute shell os.execute() ❌ Blocked attempt to index nil value (global 'os')
Exit process os.exit() ❌ Blocked os is nil at runtime
Delete files os.remove() ❌ Blocked os is nil at runtime
Rename files os.rename() ❌ Blocked os is nil at runtime
Code Execution
Load string loadstring() ❌ Blocked attempt to call nil value (global 'loadstring')
Load chunk load() ❌ Blocked load is nil at runtime
Execute file dofile() ❌ Blocked attempt to call nil value (global 'dofile')
Load file loadfile() ❌ Blocked loadfile is nil at runtime
Require module require() ❌ Blocked attempt to call nil value (global 'require')
Debug Access
Get debug info debug.getinfo() ❌ Blocked debug is nil at runtime
Get upvalues debug.getupvalue() ❌ Blocked debug is nil at runtime
Set upvalues debug.setupvalue() ❌ Blocked debug is nil at runtime

Safe Operations (All Allowed ✅)

Operation Example Status
Math operations math.sin(), math.sqrt() ✅ Allowed
String manipulation string.upper(), string.sub() ✅ Allowed
Table operations table.insert(), table.sort() ✅ Allowed
Control flow if, while, for loops ✅ Allowed
Function definitions local function() ✅ Allowed
Local variables local x = 5 ✅ Allowed
GameObject access gameobject.transform.position ✅ Allowed

Known Limitations

1. Memory Exhaustion (Low Risk)

Description: Scripts can create very large tables/strings until browser memory is exhausted.

Example:

function on_start()
  local t = {}
  for i=1,1e9 do
    t[i] = string.rep("x", 1000)
  end
end

Impact: Browser tab may crash (user's own tab only, no server impact)

Mitigation:

  • Timeout will stop most attacks (16ms limit)
  • Very rapid memory allocation needed to cause crash
  • Browser limits per-tab memory

Risk Level: 🟡 Low (self-inflicted, no remote damage)

2. Sophisticated Timing Attacks (Very Low Risk)

Description: Theoretically possible to use execution timing for side-channel attacks, though collectgarbage() is disabled.

Impact: Minimal; no sensitive data in Lua VM context

Risk Level: 🟢 Very Low (requires significant sophistication, limited value)

Comparison to Industry Standards

World of Warcraft

  • ✅ Similar approach: Disable io, os, debug
  • ✅ Similar approach: Restricted function set
  • ⚠️ WoW has CPU quota (we use timeout instead)

Roblox

  • ✅ Similar: Sandboxed Lua environment
  • ✅ Similar: No file/network access
  • ⚠️ Roblox has memory limits (we rely on browser limits)

LÖVE Game Framework

  • ❌ LÖVE allows io, os (trusted code only)
  • ✅ Recommends sandboxing for untrusted code
  • ✅ Our implementation more restrictive than LÖVE

Production Readiness Checklist

  • Dangerous libraries disabled (io, os, debug, package)
  • Dangerous functions removed (loadstring, dofile, etc.)
  • Environment isolation (separate VM per GameObject)
  • Execution timeout (16ms per frame)
  • Error tracking and auto-disable (10 error limit)
  • Comprehensive test suite (29 tests, 100% passing)
  • Documentation (CLAUDE.md, this security report)
  • Known limitations documented

Security Testing Recommendations

Phase 1: Internal Testing (Current)

  • ✅ Unit tests for all attack scenarios
  • ✅ Automated CI/CD testing

Phase 2: Beta Testing (Recommended before launch)

  • Limited beta with trusted developers
  • Bug bounty for sandbox escape ($100-500 reward)
  • Monitor error rates in production

Phase 3: Production Monitoring

  • Track error counts per script
  • Alert on unusual timeout rates
  • Log all blocked attacks

Incident Response

If a Sandbox Escape is Discovered

  1. Immediate: Deploy fix to production
  2. Within 24h: Audit all user scripts for exploit usage
  3. Within 48h: Public disclosure with CVE if applicable
  4. Within 1 week: Comprehensive security review

Contact

For security issues, contact: [Add contact method]

Conclusion

The Lua sandbox implementation provides production-grade security for user-generated game scripts with:

  • Strong defense-in-depth across 6 layers
  • Comprehensive testing of 15 attack scenarios
  • Industry-standard approach similar to WoW/Roblox
  • Clear documentation of 2 known limitations (both low risk)

Recommendation:Approved for production deployment

The remaining risks are acceptable for a browser-based game platform where:

  1. fengari-web provides fundamental isolation from host system
  2. Browser security model prevents access to user data
  3. Worst-case impact is limited to user's own browser tab

Last Updated: 2025-12-12 Next Review: After 1 month in production

There aren’t any published security advisories