NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 08:59 PM |
I'm writing a sandbox that sets a given function's environment to a metatable. On __index, if it finds a fake key in another table matching the requested key, it gives that value instead. Otherwise it returns the key from the global environment.
However, let's say I use this to block the ClearAllChildren function in Workspace. The sandbox can be easily bypassed by doing this:
workspace.Parent.Workspace:ClearAllChildren()
What can I do to prevent this? |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:05 PM |
As I explained before, now I will give you an example.
function Wrap(Object) if pcall(function() return Object.IsA end) then local Data = newproxy(true) local Meta = getmetatable(newproxy) local Real = Object --This only works for Instances, and only if you never use ObjectValues. Meta.__index = function(Self, Key) --Add something here to prevent secret stuff from being accessed, certain classes, etc. return Wrap(Real[Key]) end Meta.__newindex = function(Self, Key, Value) Real[Key] = Value end end end
--Do the wrapping stuff here. Make sure you set workspace, game, and script to be Wrap(workspace), etc. --Make sure to modify Instance.new so it returns wrapped instances. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:06 PM |
My bad, I messed up. I also indented now.
function Wrap(Object) if pcall(function() return Object.IsA end) then local Data = newproxy(true) local Meta = getmetatable(newproxy) local Real = Object --This only works for Instances, and only if you never use ObjectValues. Meta.__index = function(Self, Key) --Add something here to prevent secret stuff from being accessed, certain classes, etc. return Wrap(Real[Key]) end Meta.__newindex = function(Self, Key, Value) Real[Key] = Value end return Data end end |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
| |
|
|
| 23 Apr 2015 09:07 PM |
Oh, how fun this is Some SBs allow access to methods of Player only on your own. How fun it would be to do this:
game.Players.warspyking.Kick(game.Players.NotAshely)
Anyhow, may I suggest trying this wiki article:
http://wiki.roblox.com/index.php?title=Sandboxing |
|
|
| Report Abuse |
|
|
TimeTicks
|
  |
| Joined: 27 Apr 2011 |
| Total Posts: 27115 |
|
|
| 23 Apr 2015 09:08 PM |
| Ashley it seems like you are just writing thing that 95% of roblox users will never use in their lifetime. How is these even useful if these users can't even use what you are making? |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:08 PM |
| I already gave her that article, and the guy who ninja'd me gave the same link. It doesn't explain it in-depth enough though. |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:09 PM |
"Ashley it seems like you are just writing thing that 95% of roblox users will never use in their lifetime. How is these even useful if these users can't even use what you are making?"
This is _very_ useful. Just because you can't find a use in it doesn't mean it's not useful. And even if something wasn't useful, questions on Scripters are questions. They should be answered, not judged based on their usefulness. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:10 PM |
"Ashley it seems like you are just writing thing that 95% of roblox users will never use in their lifetime. How is these even useful if these users can't even use what you are making?"
She is making a script builder game, in case you didn't see the other thirty threads she made. They still exist, you know. Then again, it sounds like you don't even understand what we're doing or talking about, so maybe I shouldn't blame you. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:14 PM |
Oh, I also forgot to lock the metatable. Add Meta.__metatable = "hi" |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:15 PM |
| thanks! could you explain what newproxy() does? |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 23 Apr 2015 09:16 PM |
| I made a sandbox a while back, I'll see if I can find it but I think eLunate already did this. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:20 PM |
eLunate sure knows a lot about it, if she hasn't made one.
Newproxy is an undocumented feature of Lua. It creates a userdata. If you use the argument "true", it has a metatable that you can work with. In standard Lua, I think using any value besides true, false, and nil will try to extend the userdata you get it. I'm not sure though. In Roblox, you can only use the arguments nil and true. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:21 PM |
"try to extend the userdata you get it" *try to extend the userdata you gave it as the value. |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:25 PM |
"if pcall(function() return Object.IsA end) then"
is this a hacky way to check if an object is already sandboxed, or does it do something else? |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:40 PM |
| It's a hacky way to check if the value is an Instance. There isn't really a better way though. |
|
|
| Report Abuse |
|
|
TimeTicks
|
  |
| Joined: 27 Apr 2011 |
| Total Posts: 27115 |
|
|
| 23 Apr 2015 09:41 PM |
| "She is making a script builder game" when there are 99999 other script builder games. I never found a point in those games either. |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:42 PM |
"when there are 99999 other script builder games. I never found a point in those games either. "
There's only about 2 or 3 working ones after the loadstring update. |
|
|
| Report Abuse |
|
|
TimeTicks
|
  |
| Joined: 27 Apr 2011 |
| Total Posts: 27115 |
|
|
| 23 Apr 2015 09:45 PM |
| Okay? You would think 1 SB is enough. You can build scripts in studio instead as well as another alternative. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:46 PM |
A lot more than that work, but not client-side.
And if you have never found a point in those games, then why do you have any games in your favorites? Entertainment has no point, just as you said. Get off of Roblox, and stop becoming entertained on the forums. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:48 PM |
But TimeTicks, do you script? Why would you script when you can just use what other people have made? Why would you make games when you can play existing games? Why would you learn when people have already learned it?
Besides, sandboxing is really fun. Creating and using a Lua VM is really fun. They both teach you a lot, which you apparently need to learn still. And what are the chances that one of those SBs is sufficiently sandboxed? |
|
|
| Report Abuse |
|
|
TimeTicks
|
  |
| Joined: 27 Apr 2011 |
| Total Posts: 27115 |
|
|
| 23 Apr 2015 09:48 PM |
"And if you have never found a point in those games, then why do you have any games in your favorites? Entertainment has no point, just as you said. Get off of Roblox, and stop becoming entertained on the forums."
|
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:48 PM |
@Time
There's a very vibrant community of people in Script Builder games. I know many people who hop back and forth between all of them and share cool ideas with each other. It's quite an awesome thing.
But that's not even the point. You're attacking my thread (which is just a scripting question about sandboxing) just because it relates to type of game that you think is pointless. You're not being helpful to anyone. |
|
|
| Report Abuse |
|
|
|
| 23 Apr 2015 09:50 PM |
time you're annoying. Just cause something isn't useful or you don't like it doesn't mean you can't do it for fun.
I appreciate your attempt at humor |
|
|
| Report Abuse |
|
|
NotAshley
|
  |
| Joined: 16 Jan 2014 |
| Total Posts: 14257 |
|
|
| 23 Apr 2015 09:52 PM |
Oh, another question...
local Real = Object --This only works for Instances, and only if you never use ObjectValues
I don't quite understand the comment here; does this mean if people in my SB game use ObjectValues it will cause an error? |
|
|
| Report Abuse |
|
|